Block Origin header in Firefox
I’ve discovered that it is possible to suppress sending the Referer header when using Firefox by specifying a particular value in about:config.
Is it also possible to suppress sending the Origin header?
My Apache web server logs suffer from the dreaded [ssl:error] AH02032: Hostname www.example.com provided via SNI and hostname example.com provided via HTTP are different.
I know what it means and why it happens.
I need to manually reproduc… Continue reading How to manually connect to my web server and send a TLS handshake with a hostname, followed by the HTTP request headers with a different hostname
I am doing some web scraping for streaming files, .m3u8 mime type. In this particular instance, I can’t create a functional request that does not end up with a 403 Forbidden error.
How to reproduce:
Go here in the browser: https://sbplay…. Continue reading Url only works from the browser it is generated from. Copying it into a Curl Command fails, and gives a 403 error. How can I fix this?
Is it possible to find the IP address of a scammer who sent a fraud attempt with Google mail? This is the mail header (I had to put it as an image because when I paste the header the site says it is spam)
Working on a breadboard, one can get used to the benefits of being able to readily plug and unplug jumper wires to reconfigure a project. One could only dream of …read more Continue reading Using Fishing Wire To Hold In Pin Headers Is A Nifty Trick
In the past I have dealt with security issues related to Default Service Banners/Verbose Headers/Information Leakage via HttpResponse Headers. These issues are quite common, and usually look something like this for an Asp.Net – IIS Server… Continue reading HttpResponse Headers Information Leakage on Server Error (Verbose Headers)
I have been researching http host header attacks. There are many examples such as <a href="https://_SERVER[‘HOST’]/support">Contact support</a>. Why would anyone use an absolute path for resources served by the same s… Continue reading Do relative paths mitigate HTTP Host Header attacks?
I’m working on a small rest api project with user authentication.
But I’m wondering whether I should store the user’s authentication token in a header or a cookie.
The general idea is as follows:
User makes a POST request to /tokens/authen… Continue reading Cookies Vs Headers For REST API User Authentication Token
When a re-direct from a HTML/PHP site takes a couple seconds, can a tool edit the ‘Status Code’ header to skip to the site which requires an access-token? Which tools, COTS or open-source, can do it? Which Burp tool option (like Pro level)… Continue reading Tools to intercept a HTTPS GET and change header Status Code during a re-direct?
For learning and testing purposes I’d like to change the UserAgent in the HTTP header.
In the desktop Firefox it is simple: there is an add-on for this task. But on android… it is impossible.
I thought, I will setup a proxy (privoxy for … Continue reading Modifying UserAgent by a proxy?