cURL not returning status 302 after correct login for Hack the Box Machine ‘Crocodile’

cURL is returning a 200 status code after correct login. The common response code after user login should be 302. Why am I not receiving this status code? All information is provided below.
#!/usr/bin/env zsh

printf "\nsending raw re…

Is a random unknown HTTP request header ‘Host’ that is reflected in the HTTP response ‘Location’ header (3xx) an open redirect or DNS rebinding?

If I send an unknown domain name in the HTTP request header ‘Host’ to a webserver and the webserver responds with an HTTP status code 301/302 (redirect) along with an HTTP response header ‘Location’ reflecting my initial Host header input.
D…

Should the use of the HTTP ‘ETag’ header be avoided for security and privacy concerns?

I’m looking into the risks associated with the use of the HTTP ‘Etag’ header and found the following relevant information already.
Information Disclosure (inodes)
This article titled: "Vulnerabilities that aren’t. ETag headers" f…

Why is one particular page not being cached, and the others are? All have the same caching headers [migrated]

I’ve been reading a bunch on how caching of web pages is handled, I feel like I have a good grasp on everything, but I’ve encountered something I don’t understand.
I’m testing a site and it sends the same caching headers on every HTTPS res…

Difference between Authentication-Results and X-MS-Exchange-Authentication-Results email headers [closed]

I am using Outlook for my company and I got an email from an external domain. I have analyzed the email headers and the email headers have two headers:

Authentication-Results
X-MS-Exchange-Authentication-Results

Can someone help me under…

Verbose Headers/Information Leakage via HttpResponse Headers vs fingerprinting via named headers

I understand that a header like X-Powered-By can reveal details about the operating environment that can be used to find known vulnerabilities because you often get the language and compiler/interpreter/operating environment versions.
With…