HTTP Header viewer
#1
I wanted a quick tool to nab HTTP headers without going through netcat so I wrote a quick tool in python. It takes two arguments the server and an optional path. It also reports statuses on stderr and the header data on stdout so piping data into a file wont require additional parsing.


[Image: lNWghm5.png]

Code:
#!/usr/bin/env python
import httplib, argparse, sys

p = argparse.ArgumentParser(description='Get HTTP headers from a server.')
p.add_argument('server', metavar='server',
                    help='The server to send a GET request to')
p.add_argument('path', metavar='path', nargs='?',
                    help='The path of file to request.  Defaults to /')
args = p.parse_args()
if (args.path == None):
  args.path = '/'

print >> sys.stderr, '\033[1mConnecting to', args.server + args.path, '...\033[0m'

c = httplib.HTTPConnection(args.server)
c.request("HEAD", args.path)
r = c.getresponse()

print >> sys.stderr, '\033[1mStatus:\033[0m', r.status, r.reason, "\n"

headers = r.getheaders()
for i in headers:
  print i[0].upper() + ":", i[1]
Reply
#2
Interesting tool, thanks for creating it. I'll be sure to try it Smile Didn't know that http headers revealed backend server version (Despite me using reverse proxy via varnish).
Reply
#3
(08-20-2015, 02:26 AM)Insider Wrote: Interesting tool, thanks for creating it. I'll be sure to try it Smile Didn't know that http headers revealed backend server version (Despite me using reverse proxy via varnish).

Update your settings to hide it and then use the header tool to check it hahah
Reply
#4
(08-20-2015, 02:26 AM)Insider Wrote: Interesting tool, thanks for creating it. I'll be sure to try it Smile Didn't know that http headers revealed backend server version (Despite me using reverse proxy via varnish).

Add this to the Apache config(httpd.conf):
Code:
ServerSignature Off
ServerTokens Prod

OP: Nice tool NO-OP Smile Wish I could make programs like this in Bash/Shell Tongue

EDIT: Insider, then restart Apache
Code:
# service httpd restart (RHEL/CentOS/Fedora)
# service apache2 restart (Debian/Ubuntu)
Reply
#5
(08-20-2015, 03:44 PM)respect Wrote:
(08-20-2015, 02:26 AM)Insider Wrote: Interesting tool, thanks for creating it. I'll be sure to try it Smile Didn't know that http headers revealed backend server version (Despite me using reverse proxy via varnish).

Add this to the Apache config(httpd.conf):
Code:
ServerSignature Off
ServerTokens Prod

OP: Nice tool NO-OP Smile Wish I could make programs like this in Bash/Shell Tongue

EDIT: Insider, then restart Apache
Code:
# service httpd restart (RHEL/CentOS/Fedora)
# service apache2 restart (Debian/Ubuntu)

Thank you, I will enable it.
Reply
#6
You could also use curl -I which has the same functionality.
Reply
#7
(08-20-2015, 04:10 PM)xxx Wrote: You could also use curl -I which has the same functionality.

Ah, should have googled before hand. Welp too late and the time difference isn't a whole lot

Code:
~$ time curl -I google.com
HTTP/1.1 301 Moved Permanently
Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Date: Thu, 20 Aug 2015 20:20:17 GMT
Expires: Sat, 19 Sep 2015 20:20:17 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


real    0m0.458s
user    0m0.005s
sys    0m0.005s
~$ time header google.com
Connecting to google.com/ ...
Status: 301 Moved Permanently

CONTENT-LENGTH: 219
X-XSS-PROTECTION: 1; mode=block
EXPIRES: Sat, 19 Sep 2015 20:20:26 GMT
SERVER: gws
LOCATION: http://www.google.com/
CACHE-CONTROL: public, max-age=2592000
DATE: Thu, 20 Aug 2015 20:20:26 GMT
X-FRAME-OPTIONS: SAMEORIGIN
CONTENT-TYPE: text/html; charset=UTF-8

real    0m1.285s
user    0m0.023s
sys    0m0.012s

Either way good to know.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  CRLF Injection - Manipulating an HTTP Request Insider 1 676 06-16-2020, 12:38 PM
Last Post: dropzone
  [Tutorial] Request header MySQL injection using netcat and burp suite Insider 0 601 06-16-2020, 02:53 AM
Last Post: Insider
  Uploading PHP Shell [Live HTTP Headers - and more ...] Insider 0 4,937 12-11-2016, 07:57 AM
Last Post: Insider