headerpwn

command module

v0.0.0-...-532189a Latest Latest Go to latest Published: Dec 14, 2023 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Nickguitar/headerpwn

Links

Open Source Insights

README ¶

headerpwn

A fuzzer for analyzing how servers respond to different HTTP headers.

🏗️ Install ⛏️ Usage 📡 Proxying HTTP Requests

Install

To install headerpwn, run the following command:

go install github.com/devanshbatham/headerpwn@v0.0.3

Usage

headerpwn allows you to test various headers on a target URL and analyze the responses. Here's how to use the tool:

Provide the target URL using the -url flag.
Create a file containing the headers you want to test, one header per line. Use the -headers flag to specify the path to this file.

Example usage:

headerpwn -url https://example.com -headers my_headers.txt
headerpwn -url https://example.com -headers my_headers.txt -rua
headerpwn -url https://example.com -headers my_headers.txt -user-agent "Mozilla/4.0"

Format of my_headers.txt should be like below:

Proxy-Authenticate: foobar
Proxy-Authentication-Required: foobar
Proxy-Authorization: foobar
Proxy-Connection: foobar
Proxy-Host: foobar
Proxy-Http: foobar

Proxying requests through Burp Suite:

Follow following steps to proxy requests through Burp Suite:

Export Burp's Certificate:
- In Burp Suite, go to the "Proxy" tab.
- Under the "Proxy Listeners" section, select the listener that is configured for 127.0.0.1:8080
- Click on the "Import/ Export CA Certificate" button.
- In the certificate window, click "Export Certificate" and save the certificate file (e.g., burp.der).
Install Burp's Certificate:
- Install the exported certificate as a trusted certificate on your system. How you do this depends on your operating system.
- On Windows, you can double-click the .cer file and follow the prompts to install it in the "Trusted Root Certification Authorities" store.
- On macOS, you can double-click the .cer file and add it to the "Keychain Access" application in the "System" keychain.
- On Linux, you might need to copy the certificate to a trusted certificate location and configure your system to trust it.

You should be all set:

headerpwn -url https://example.com -headers my_headers.txt -proxy 127.0.0.1:8080

proxy

proxy-burp

Credits

The headers.txt file is compiled from various sources, including the Seclists project. These headers are used for testing purposes and provide a variety of scenarios for analyzing how servers respond to different headers.

The useragents.txt file is the one used by SQLMap.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL