Automated bash script to test HTTP HEADER Response

With the code below we can automate testing which HTTP methods a web server or website allows. The HTTP methods we can test here are: GET, HEAD, POST, PUT, TRACE, CONNECT, DELETE.
We have also used JAFFA, an arbitrary method, to see what response the server returns for it. If the status is 200 OK, the server can be vulnerable.
The image below shows which HTTP methods are safe and which we should not allow.
[Image: http header functions]

CODE:

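[shell]
#!/bin/bash
# Usage: pass the target host name as the first argument.

host="$1"

for method in GET HEAD POST PUT TRACE CONNECT OPTIONS DELETE JAFFA
do
    printf '%s ' "$method"
    # HTTP lines end in CRLF; "Connection: close" ends the response promptly.
    printf '%s / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$method" "$host" \
        | nc -i 1 "$host" 80 | grep -m 1 "^HTTP/1" || printf '(no response)\n'
done

printf "\n"
# You can also test the allowed HTTP methods using nmap:
# nmap -p 80 --script http-methods IP_ADDRESS/SITE_NAME
[/shell]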
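
The loop above prints one status line per method. As an added example (not part of the original post), the script below reads that output and marks the responses that deserve a closer look, extending the post's "200 OK" check to any 2xx status. The baseline in `EXPECTED_METHODS`, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky lines in the output of the method-test loop.
# Expected input, one line per method: "<METHOD> HTTP/1.x <code> <reason>"

# Assumption: methods an ordinary site is expected to answer. Adjust per application.
EXPECTED_METHODS="GET HEAD POST OPTIONS"

# Reads status lines on stdin and prints "METHOD CODE VERDICT" for each one.
flag_methods() {
    # Status lines captured from nc end in CR, so strip it before parsing.
    tr -d '\r' | while read -r method proto code rest; do
        if [ -z "$method" ]; then continue; fi
        case "$code" in
            [1-5][0-9][0-9]) ;;      # a real three-digit status code
            *) printf '%s - NO-STATUS\n' "$method"; continue ;;
        esac
        verdict="ok"
        case " $EXPECTED_METHODS " in
            *" $method "*) ;;        # baseline method: any status is acceptable
            *)  # PUT, DELETE, TRACE, CONNECT or an unknown verb such as JAFFA:
                # a 2xx means the server accepted it instead of answering 405/501.
                case "$code" in
                    2[0-9][0-9]) verdict="REVIEW" ;;
                esac ;;
        esac
        printf '%s %s %s\n' "$method" "$code" "$verdict"
    done
}

# Constructed sample of the loop's output (not captured from a real server).
sample_output() {
    printf 'GET HTTP/1.1 200 OK\r\n'
    printf 'PUT HTTP/1.1 405 Method Not Allowed\r\n'
    printf 'TRACE HTTP/1.1 200 OK\r\n'
    printf 'CONNECT\n'
    printf 'JAFFA HTTP/1.1 200 OK\r\n'
}

sample_output | flag_methods
```

To use it on real output, pipe the test loop into `flag_methods` in place of `sample_output`.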

Read more about HTTP method testing and the vulnerabilities that can be exploited using those methods here: https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
