Penetration Testing mailing list archives
RE: HEAD request
From: "Sels, Roger" <roger.sels () gov-fbi net>
Date: Mon, 11 Sep 2006 04:47:25 +0200 (CEST)
Vijay, Verify with OPTIONS whether or not the server supports the HEAD directive. You should get this style of response: HTTP/1.1 200 OK Date: Mon, 11 Sep 2006 14:59:16 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7g Allow: GET,HEAD,POST,OPTIONS,TRACE Cache-Control: max-age=86400 Expires: Tue, 12 Sep 2006 14:59:16 GMT Content-Length: 0 Connection: close Content-Type: text/html This is the reply from the webserver at www.apache.org by the way. Trying microsoft.com told me it was an IIS 6.0 but didn't support the OPTIONS command ;) Wkr Roger On Mon, September 11, 2006 7:23 am, StyleWar wrote:
I doubt it...Tell us exactly what steps you're using to issue the request... maybe that will help. - StyleWar "Happiness makes up for in height, what it lacks in length"-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of vijay shetti Sent: Saturday, September 09, 2006 3:14 AM To: pen-test () securityfocus com Subject: HEAD request Hello all!!! I am doing assessment of a web server When I issue HEAD request using nc I don't get any response from the webserver and I get disconnected after some time. What should i conclude from that?Does it mean that the administrator has blocked HEAD requests? regards, Vijay -------------------------------------------------------------- ---------- This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php -------------------------------------------------------------- ---------------------------------------------------------------------------------- This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
-- Life is 10 percent what you make it and 90 percent how you take it. - Irving Berlin ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- HEAD request vijay shetti (Sep 10)
- Re: HEAD request berg (Sep 11)
- Re: HEAD request Steffen Wendzel (Sep 11)
- RE: HEAD request StyleWar (Sep 11)
- RE: HEAD request Sels, Roger (Sep 11)
- Re: HEAD request Mike Klingler (Sep 11)
- RE: HEAD request Paul Melson (Sep 11)
- <Possible follow-ups>
- RE: HEAD request Ory Segal (Sep 11)
- RE: HEAD request Ory Segal (Sep 11)
- RE: HEAD request Levenglick, Jeff (Sep 11)
- RE: HEAD request balaji . v (Sep 11)
- RE: HEAD request Ory Segal (Sep 11)
- Re: HEAD request Rogan Dawes (Sep 11)