Differences

This shows you the differences between two versions of the page.

--- tools:http-headers [2025/09/12 17:51] – Humphrey Boa-Gart
+++ tools:http-headers [2025/09/30 22:44] (current) – external edit 127.0.0.1
@@ Line 10: / Line 10: @@
   * Session verification & authentication
   * Remote access policies
+By understanding how HTTP headers work, you can begin to manipulate HTTP transmissions.
+===== Manipulating Headers =====
+Manually changing the values HTTP headers is fairly easy to do, and provides for some tactical opportunities on the field. Spoofing your [[diy:user-agent-spoofing|User-Agent]] or [[diy:referrer-spoofing|Referer]] headers is a great way to familiarize yourself with the concept of manipulating this data.
+Header security is also a thing! Many websites are poorly developed, and use client-defined HTTP headers to delegate access to the system. The way to defend against this is making sure header inputs are sanitized and tested against spoofed headers, but not everyone does it. Poke around with your browser's [[tools:developer-tools|developer tools]] and see what you can find!
+Consult the articles below for more thorough information on other header types you can screw with.
 ===== Further Reading =====
-  * [[https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers|Mozilla Development Network]] article about HTTP headers
+Since a full writeup on HTTP headers is beyond the mission of the //Anonymous Military Institute//, consult some of the following guides and articles for more information.
   * [[wp>List of HTTP header fields]] on Wikipedia
+  * [[https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers|Mozilla Development Network]] article about HTTP headers
   * [[https://www.geeksforgeeks.org/web-tech/http-headers/|GeeksforGeeks]] tutorial about HTTP headers
   * [[https://www.rfc-editor.org/rfc/rfc9110.html#name-header-fields|RFC 9110]] for HTTP semantics

User Tools

Site Tools

Differences