Pages: [1]

Author Topic: HTTP/HTTPS Header Manipulation  (Read 1778 times)

0 Members and 1 Guest are viewing this topic.

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
    • View Profile
HTTP/HTTPS Header Manipulation
« on: March 07, 2014, 08:27:33 pm »
Please help me with basic starting of this attack and some useful link...
I tried finding such tutorials on attack based on this but couldn't found much!
Thank u in advance! :)
Report to moderator   Logged
"Security is just an illusion"

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: HTTP/HTTPS Header Manipulation
« Reply #1 on: March 07, 2014, 08:46:24 pm »
1 - How long did you actually search for?

2 - This is not the place to request help, this is the place to post tutorials. So, moved.
Report to moderator   Logged
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
    • View Profile
Re: HTTP/HTTPS Header Manipulation
« Reply #2 on: March 08, 2014, 01:28:12 pm »
I tried a youtube search but no attack was mentioned there or gave any kind of tutorial.
httpfox and temperdata. but i want to know how can an attack carried out with this any useful link would also do. :)
« Last Edit: March 08, 2014, 01:34:11 pm by M1lak0 »
Report to moderator   Logged
"Security is just an illusion"

Offline ThePH30N1X

  • Peasant
  • *
  • Posts: 50
  • Cookies: 18
  • Java Programmer
    • View Profile
Re: HTTP/HTTPS Header Manipulation
« Reply #3 on: March 08, 2014, 04:25:39 pm »
You should take a look at programs like Burp Suite and WebScarab. I wrote a program that could do this, but it's not public yet (And very minimalistic).
« Last Edit: March 08, 2014, 04:26:54 pm by ThePH30N1X »
Report to moderator   Logged

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
    • View Profile
Re: HTTP/HTTPS Header Manipulation
« Reply #4 on: March 08, 2014, 05:34:12 pm »
Thank you ThePH30N1X for your guidance.. :)
Quote from: ThePH30N1X on March 08, 2014, 04:25:39 pm
You should take a look at programs like Burp Suite and WebScarab. I wrote a program that could do this, but it's not public yet (And very minimalistic).
Report to moderator   Logged
"Security is just an illusion"

Offline Teapot

  • Peasant
  • *
  • Posts: 127
  • Cookies: -2
  • E-Book Whore
    • View Profile
Re: HTTP/HTTPS Header Manipulation
« Reply #5 on: March 08, 2014, 08:36:32 pm »
Quote from: ThePH30N1X on March 08, 2014, 04:25:39 pm
You should take a look at programs like Burp Suite and WebScarab. I wrote a program that could do this, but it's not public yet (And very minimalistic).

Quote from: M1lak0 on March 08, 2014, 05:34:12 pm
Thank you ThePH30N1X for your guidance.. :)

REALLY???
EZ is not a skid factory. If all you want is too brag to your friends or all you care about is the destination then go to fucking HF and download Cain&Abel infected by some other skid.
Report to moderator   Logged

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: HTTP/HTTPS Header Manipulation
« Reply #6 on: March 08, 2014, 10:36:15 pm »
Quote from: M1lak0 on March 08, 2014, 01:28:12 pm
I tried a youtube search but no attack was mentioned there or gave any kind of tutorial.
Yeah you're right there must not be any resources out there then...
Report to moderator   Logged
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline Axon

  • VIP
  • King
  • *
  • Posts: 2047
  • Cookies: 319
    • View Profile
Re: HTTP/HTTPS Header Manipulation
« Reply #7 on: March 08, 2014, 11:00:02 pm »
« Last Edit: March 08, 2014, 11:01:01 pm by Axon »
Report to moderator   Logged

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
    • View Profile
Re: HTTP/HTTPS Header Manipulation
« Reply #8 on: March 10, 2014, 12:39:55 pm »
Quote from: noncetonic on March 08, 2014, 10:40:19 pm
You'll have to be more specific about your question here. Do you want to know about attacks like HTTP Response Splitting? If so check out https://www.owasp.org/index.php/HTTP_Response_Splitting . In fact, check out OWASP for anything web app hacking related and you'll often get a plethora of info
Quote from: Axon on March 08, 2014, 11:00:02 pm
Here's some detailed examples.I hope this helps?

http://xss.cx/examples/dork/http-injection/http-header-injection-0x20-crlf-splitting.travel.travelocity.com.html

WOW Thank you guys to share me few link and help.
I have actually tried xss and sqli via header manipulation but I want to play and explore more about this and few ways. Well I'll Surely check these links and let you know about it! :D
Is there any other types of attack based on Header manipulation? Please let me know!
Thank you all for your reply. . .
Report to moderator   Logged
"Security is just an illusion"

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: HTTP/HTTPS Header Manipulation
« Reply #9 on: March 11, 2014, 11:48:56 am »
Quote from: M1lak0 on March 10, 2014, 12:39:55 pm
WOW Thank you guys to share me few link and help.
I have actually tried xss and sqli via header manipulation but I want to play and explore more about this and few ways. Well I'll Surely check these links and let you know about it! :D
Is there any other types of attack based on Header manipulation? Please let me know!
Thank you all for your reply. . .
https://evilzone.org/hacking-and-security/session-hijacking-evilzone/msg72536/#msg72536
No longer works coz they finally fixed it :)
Report to moderator   Logged
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage
Pages: [1]