Penetration Testing mailing list archives
RE: HEAD request
From: "Ory Segal" <osegal () watchfire com>
Date: Mon, 11 Sep 2006 19:33:42 +0300
That's correct, hence why I wrote "usually". A Firewall/WAF/Proxy may be blocking this and dropping the connection altogether. Although my guess is that the problem lies somewhere in the netcat usage. I noticed that NetCat has some quirks when connecting to IIS/6.x - in some scenarios the connection is dropped if you try to send HTTP traffic through the command line. I think that the best way to check if this is the problem is to use a file input:
nc www.some.site 80 < file
And make sure that the file has the two CRLFs after the request, for example:
HEAD / HTTP/1.0 [CRLF]
[CRLF]

-Ory Segal

-----Original Message-----
From: Levenglick, Jeff [mailto:JLevenglick () fhlbatl com]
Sent: Monday, September 11, 2006 6:38 PM
To: Ory Segal; vijay shetti; pen-test () securityfocus com
Subject: RE: HEAD request

Not always. Someone could have it blocked on a proxy/firewall.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ory Segal
Sent: Monday, September 11, 2006 4:42 AM
To: vijay shetti; pen-test () securityfocus com
Subject: RE: HEAD request

Hi,

Have you tried any other HTTP methods? Did they work? Usually, if an HTTP method is not allowed, you should receive an error message (e.g. 403).

-Ory Segal
Watchfire ( http://www.watchfire.com )

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of vijay shetti
Sent: Saturday, September 09, 2006 11:14 AM
To: pen-test () securityfocus com
Subject: HEAD request

Hello all!!!

I am doing assessment of a web server. When I issue HEAD request using nc I don't get any response from the webserver and I get disconnected after some time. What should I conclude from that? Does it mean that the administrator has blocked HEAD requests?

regards,
Vijay
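The file-input approach suggested in the reply above, as an added example that is not part of the original thread: it writes the request with explicit CRLFs, verifies the terminating CRLF CRLF at byte level, and repairs a file saved with bare LF line endings. The function names are hypothetical; `www.some.site` is the placeholder host from the message.

```shell
#!/bin/sh
# Write "HEAD <path> HTTP/1.0" followed by CRLF CRLF.
# printf is used because echo's handling of \r\n varies between shells.
write_head_request() {   # $1 = output file, $2 = request path (default /)
    printf 'HEAD %s HTTP/1.0\r\n\r\n' "${2:-/}" > "$1"
}

# Return 0 only if the last four bytes are 0d 0a 0d 0a. Without the
# empty line the server keeps waiting for more headers and the
# connection eventually times out with no response.
request_is_terminated() {   # $1 = request file
    [ "$(tail -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "0d0a0d0a" ]
}

# Count lines ending in a bare LF (no CR before it), the usual result
# of saving the request from a Unix text editor.
bare_lf_lines() {   # $1 = request file
    awk '!/\r$/ { n++ } END { print n + 0 }' "$1"
}

# Rewrite a file with CRLF line endings. Existing CRs are stripped
# first so input that is already CRLF is not doubled.
to_crlf() {   # $1 = input file, $2 = output file
    tr -d '\r' < "$1" | awk '{ printf "%s\r\n", $0 }' > "$2"
}

# Demo on a constructed file; no network traffic is generated here.
req=$(mktemp)
write_head_request "$req" /
if request_is_terminated "$req"; then
    echo "request ends with CRLF CRLF, bare-LF lines: $(bare_lf_lines "$req")"
fi
od -c "$req"    # byte-level view: expect \r \n \r \n at the end
rm -f "$req"

# With a verified file kept on disk, send it as in the message above:
#   nc www.some.site 80 < file
```

If the byte check passes and the connection is still dropped without a response, the request framing is ruled out as the cause.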