headerpwn
A fuzzer for analyzing how servers respond to different HTTP headers.
🏗️ Install
⛏️ Usage
📡 Proxying HTTP Requests
Install
To install headerpwn
, run the following command:
go install github.com/devanshbatham/headerpwn@v0.0.2
Usage
headerpwn allows you to test various headers on a target URL and analyze the responses. Here's how to use the tool:
- Provide the target URL using the
-url
flag.
- Create a file containing the headers you want to test, one header per line. Use the
-headers
flag to specify the path to this file.
Example usage:
headerpwn -url https://example.com -headers my_headers.txt
- Format of
my_headers.txt
should be like below:
Proxy-Authenticate: foobar
Proxy-Authentication-Required: foobar
Proxy-Authorization: foobar
Proxy-Connection: foobar
Proxy-Host: foobar
Proxy-Http: foobar
Proxying requests through Burp Suite:
Follow following steps to proxy requests through Burp Suite:
You should be all set:
headerpwn -url https://example.com -headers my_headers.txt -proxy 127.0.0.1:8080
Credits
The headers.txt
file is compiled from various sources, including the Seclists project. These headers are used for testing purposes and provide a variety of scenarios for analyzing how servers respond to different headers.