About headerpwn
headerpwn is a fuzzing tool for HTTP headers and server responses. It lets researchers find network anomalies and analyze how a server responds to different HTTP headers.
Function introduction
The current version of HeaderPWN supports the following features:
1. Server security and anomaly detection;
2. HTTP header detection;
3. Test how the server responds to different HTTP headers;
4. Report output and command line display;
5. User-friendly and simple to operate.
Tool Requirements:
Go
Tool download
Since the tool is based on Go, we first need to install and configure the latest version of Go on our local device.
Next, researchers can use the following command to download and install headerpwn:
go install github.com/devanshbatham/[email protected]
Tool use
headerpwn tests various headers against a target URL and analyzes the responses. It is used as follows:
1. Use the -url parameter to give headerpwn the target URL to be tested;
2. Create a header list file containing the headers to be tested, one header per line, and use the -headers parameter to give headerpwn the path of that file;
Examples of use are as follows:
headerpwn -url https://example.com -headers my_headers.txt
The my_headers.txt data format is as follows:
Proxy-Authenticate: foobar
Proxy-Authentication-Required: foobar
Proxy-Authorization: foobar
Proxy-Connection: foobar
Proxy-Host: foobar
Proxy-Http: foobar
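The comparison this kind of header fuzzing relies on, as an added Go example (not headerpwn's own code): each line of a header list in the format above is sent on its own, and the response is compared with a header-less baseline. The function names fingerprint and anomalies, the "status/body length" fingerprint, and the local httptest target are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// fingerprint sends one GET with an optional "Name: value" header; "error" means the request failed.
func fingerprint(url, line string) string {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return "error"
	}
	if name, val, ok := strings.Cut(line, ":"); ok {
		req.Header.Set(strings.TrimSpace(name), strings.TrimSpace(val))
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "error"
	}
	defer resp.Body.Close()
	n, _ := io.Copy(io.Discard, resp.Body)
	return fmt.Sprintf("%d/%d", resp.StatusCode, n) // status code / body length
}

// anomalies returns the baseline fingerprint and each header line whose fingerprint differs from it.
func anomalies(url, list string) (base string, out []string) {
	base = fingerprint(url, "")
	for _, line := range strings.Split(list, "\n") {
		if !strings.Contains(line, ":") {
			continue // blank or malformed line
		}
		if fp := fingerprint(url, line); fp != base {
			out = append(out, strings.TrimSpace(line)+" => "+fp)
		}
	}
	return base, out
}

func main() {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, r.Header.Get("Proxy-Host")) // constructed quirk: reflects one header
	}))
	defer srv.Close()
	fmt.Println(anomalies(srv.URL, "Proxy-Http: foobar\nProxy-Host: foobar"))
}
```

A baseline of "error" means the target was unreachable, so an empty result in that case says nothing about the headers.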
Proxy requests through Burp Suite
Follow these steps to proxy requests through Burp Suite:
Export Burp's certificate
1. In Burp Suite, go to the "Proxy" tab;
2. In the "Proxy Listeners" section, select the listener configured for 127.0.0.1:8080;
3. Click the "Import/Export CA Certificate" button;
4. In the certificate window, click "Export Certificate" and save the certificate file (e.g. burp.der);
Install Burp's certificate
1. Install the exported certificate on your system as a trusted certificate. This depends on your operating system;
2. On Windows, you can double-click the .cer file and follow the prompts to install it in the "Trusted Root Certification Authorities" store;
3. On macOS, you can double-click the .cer file and add it to the "System" keychain in the "Keychain Access" application;
4. On Linux, you may need to copy the certificate to a trusted certificate location and configure the system to trust it;
Next, run the following command:
headerpwn -url https://example.com -headers my_headers.txt -proxy 127.0.0.1:8080
Tool demo
License Agreement
This project is developed and released under an open source license.
Project address
headerpwn: https://github.com/devanshbatham/headerpwn
Resources
https://github.com/danielmiessler/SecLists