tools:http-headers
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| tools:http-headers [2025/09/12 17:55] – [Further Reading] Humphrey Boa-Gart | tools:http-headers [2025/09/30 22:44] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 10: | Line 10: | ||
| * Session verification & authentication | * Session verification & authentication | ||
| * Remote access policies | * Remote access policies | ||
| + | |||
| + | By understanding how HTTP headers work, you can begin to manipulate HTTP transmissions. | ||
| Line 16: | Line 18: | ||
| Manually changing the values HTTP headers is fairly easy to do, and provides for some tactical opportunities on the field. Spoofing your [[diy: | Manually changing the values HTTP headers is fairly easy to do, and provides for some tactical opportunities on the field. Spoofing your [[diy: | ||
| - | Consult the articles below for more thorough information on other header types that you can manipulate. | + | Header security is also a thing! Many websites are poorly developed, and use client-defined HTTP headers to delegate access to the system. The way to defend against this is making sure header inputs are sanitized and tested against spoofed headers, but not everyone does it. Poke around with your browser' |
| + | |||
| + | Consult the articles below for more thorough information on other header types you can screw with. | ||
| ===== Further Reading ===== | ===== Further Reading ===== | ||
| - | Since a full writeup on HTTP headers is beyond the scope of the Institute's mission, consult some of the following guides and articles for more information. | + | Since a full writeup on HTTP headers is beyond the mission |
| * [[wp> | * [[wp> | ||
tools/http-headers.1757699730.txt.gz · Last modified: (external edit)
Find this page online at: https://bestpoint.institute/tools/http-headers
Find this page online at: https://bestpoint.institute/tools/http-headers