RE: HEAD request
From: Ory Segal (osegal watchfire.com)
Date: Mon Sep 11 2006 - 11:33:42 CDT
That's correct, hence why I wrote "usually".
A Firewall/WAF/Proxy may be blocking this and dropping the connection
altogether.
Although my guess is that the problem lies somewhere in the netcat
usage. I noticed that NetCat has some quirks when connecting to IIS/6.x
- in some scenarios the connection is dropped if you try to send HTTP
traffic through the command line.
I think that the best way to check if this is the problem is to use a
file input:
>> nc www.some.site 80 < file
And make sure that the file has the two CRLFs after the request, for
example:
HEAD / HTTP/1.0
[CRLF]
[CRLF]
-Ory Segal
-----Original Message-----
From: Levenglick, Jeff [mailto:JLevenglick fhlbatl.com]
Sent: Monday, September 11, 2006 6:38 PM
To: Ory Segal; vijay shetti; pen-test securityfocus.com
Subject: RE: HEAD request
Not always. Someone could have it blocked on a proxy/firewall.
-----Original Message-----
From: listbounce securityfocus.com [mailto:listbounce securityfocus.com] On Behalf Of Ory Segal
Sent: Monday, September 11, 2006 4:42 AM
To: vijay shetti; pen-test securityfocus.com
Subject: RE: HEAD request
Hi,
Have you tried any other HTTP methods? Did they work?
Usually, if an HTTP method is not allowed, you should receive an error
message (e.g. 403).
-Ory Segal
Watchfire ( http://www.watchfire.com )
-----Original Message-----
From: listbounce securityfocus.com [mailto:listbounce securityfocus.com] On Behalf Of vijay shetti
Sent: Saturday, September 09, 2006 11:14 AM
To: pen-test securityfocus.com
Subject: HEAD request
Hello all!!!
I am doing an assessment of a web server.
When I issue a HEAD request using nc I don't get any response from the
webserver and I get disconnected after some time.
What should I conclude from that? Does it mean that the administrator has
blocked HEAD requests?
regards,
Vijay
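
The file-input check suggested in the reply at the top of this thread, as an added example that is not part of the original messages: it writes the HEAD request with explicit CRLF bytes and verifies the file before it is fed to nc. The function names and the head.req file name are illustrative assumptions.

```shell
#!/bin/sh
# Added example; make_head_request, check_request_file and head.req are
# illustrative names, not from the thread.

# Write a HEAD request terminated by two CRLFs.
# $1 = output file, $2 = request path (defaults to /)
make_head_request() {
    printf 'HEAD %s HTTP/1.0\r\n\r\n' "${2:-/}" > "$1"
}

# Inspect the file byte by byte: every LF must be preceded by CR, and the
# file must end with CRLF CRLF. An editor that saves bare LF line endings
# fails here, which would leave the server waiting for the end of the
# request until it times out.
check_request_file() {
    od -An -v -tx1 "$1" | tr -s ' \n' '\n' | awk '
        $0 == "" { next }
        $0 == "0a" && d != "0d" { bare++ }       # LF without a CR before it
        { a = b; b = c; c = d; d = $0 }          # keep the last four bytes
        END {
            if (bare > 0) {
                print "bare LF line ending (expected CRLF)"; exit 1
            }
            if ((a b c d) != "0d0a0d0a") {
                print "request does not end with CRLF CRLF"; exit 1
            }
            print "ok"
        }'
}

# Usage, with the host name as written in the thread:
#   make_head_request head.req && check_request_file head.req \
#       && nc www.some.site 80 < head.req
```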