• Stars
    star
    312
  • Rank 134,133 (Top 3 %)
  • Language
    Go
  • License
    MIT License
  • Created over 1 year ago
  • Updated 12 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers

headerpwn

A fuzzer for analyzing how servers respond to different HTTP headers.

๐Ÿ—๏ธ Install โ›๏ธ Usage ๐Ÿ“ก Proxying HTTP Requests

headerpwn

Install

To install headerpwn, run the following command:

go install github.com/devanshbatham/[email protected]

Usage

headerpwn allows you to test various headers on a target URL and analyze the responses. Here's how to use the tool:

  1. Provide the target URL using the -url flag.
  2. Create a file containing the headers you want to test, one header per line. Use the -headers flag to specify the path to this file.

Example usage:

headerpwn -url https://example.com -headers my_headers.txt
  • Format of my_headers.txt should be like below:
Proxy-Authenticate: foobar
Proxy-Authentication-Required: foobar
Proxy-Authorization: foobar
Proxy-Connection: foobar
Proxy-Host: foobar
Proxy-Http: foobar

Proxying requests through Burp Suite:

Follow following steps to proxy requests through Burp Suite:

  • Export Burp's Certificate:

    • In Burp Suite, go to the "Proxy" tab.
    • Under the "Proxy Listeners" section, select the listener that is configured for 127.0.0.1:8080
    • Click on the "Import/ Export CA Certificate" button.
    • In the certificate window, click "Export Certificate" and save the certificate file (e.g., burp.der).
  • Install Burp's Certificate:

    • Install the exported certificate as a trusted certificate on your system. How you do this depends on your operating system.
    • On Windows, you can double-click the .cer file and follow the prompts to install it in the "Trusted Root Certification Authorities" store.
    • On macOS, you can double-click the .cer file and add it to the "Keychain Access" application in the "System" keychain.
    • On Linux, you might need to copy the certificate to a trusted certificate location and configure your system to trust it.

You should be all set:

headerpwn -url https://example.com -headers my_headers.txt -proxy 127.0.0.1:8080

proxy

proxy-burp

Credits

The headers.txt file is compiled from various sources, including the Seclists project. These headers are used for testing purposes and provide a variety of scenarios for analyzing how servers respond to different headers.

More Repositories

1

Awesome-Bugbounty-Writeups

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference
Python
4,655
star
2

ParamSpider

Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
Python
2,467
star
3

FavFreak

Making Favicon.ico based Recon Great again !
Python
1,113
star
4

OpenRedireX

A fuzzer for detecting open redirect vulnerabilities
Python
694
star
5

Vulnerabilities-Unmasked

This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand!
364
star
6

rayder

A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows
Go
272
star
7

Gorecon

Gorecon is a All in one Reconnaissance Tool , a.k.a swiss knife for Reconnaissance , A tool that every pentester/bughunter might wanna consider into their arsenal
Go
270
star
8

ArchiveFuzz

Hunt down the secrets from the WebArchives for Fun and Profit
Python
165
star
9

CertEagle

Weaponizing Live CT logs for automated monitoring ofย assets
Python
132
star
10

DNSleuth

DNSleuth sniffs DNS packets, i.e, allowing you to spy on the DNS queries your machine is making
Python
100
star
11

Solidity-Gas-Optimization-Tips

Solidity Gas Optimization Tips
86
star
12

Passivehunter

Subdomain discovery using the power of 'The Rapid7 Project Sonar datasets'
Python
86
star
13

awesome-bughunting-oneliners

A list of Awesome Bughunting oneliners , collected from the various sources
Python
65
star
14

heaptruffle

Mine URLs from Browser's Heap Snapshot for fun and profit
JavaScript
63
star
15

revit

A command-line utility for performing reverse DNS lookups
Go
57
star
16

Drishti

A fast HTTP Response status checker implemented in Python3
Python
57
star
17

rayder-workflows

Repo for hosting rayder workflows
55
star
18

Everything-About-DNS

DNS Explained : This repo aims to explain the basics of DNS at different levels of complexity for readers with various technical backgrounds.
53
star
19

realm

A utility for recursively traversing SSL/TLS certificates for collecting DNS names
Go
43
star
20

ip2cloud

Check IP addresses against known cloud provider IP address ranges
Python
43
star
21

revwhoix

A simple utility to perform reverse WHOIS lookups using whoisxml API
Python
38
star
22

Quaithe

Quaithe empowers you to execute multiple commands in parallel for blazing-fast performance.
Python
27
star
23

dnsaudit

A command-line utility for auditing DNS configuration using Zonemaster API
Go
27
star
24

autoreport

autoreport generates bug report templates for security researchers
Python
21
star
25

getresolvers

A simple utility to fetch freshly updated DNS resolvers
Python
17
star
26

ip2asn

A utility to quickly map IP addresses to their respective ASN
Python
14
star
27

getsan

A utility to fetch and display dns names from the SSL/TLS cert data
Go
12
star
28

Watson

Watson is a utility for note management and search from your terminal
Python
7
star
29

CLI-Project-Generator

A simple module for generating CLI project in python
Python
4
star
30

OS-ASSIGMENT

Here is my Solution for the assigned question (for OS CA2)
C
2
star
31

devanshbatham

2
star
32

CTF-Arsenal

My CTF stuff
Python
2
star
33

Cyberhack-Village-2.0

This Repo contains solution for challenges that I have created as a part of Cyberhack Village 2.0
Python
2
star