0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [master] one page modified

This commit is contained in:
CPol 2021-05-06 00:10:35 +00:00 committed by gitbook-bot
parent 6d5bcdd21f
commit 628471df39
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pentesting-web/abusing-hop-by-hop-headers.md
View File

@ -1,7 +1,5 @@
# Abusing hop-by-hop headers
Most of the content of this post was extracted from [https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers](https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers) \(come copy/pasted and some redacted by me\)
## What is a hop-by-hop header?
A hop-by-hop header is a header which is designed to be processed and consumed by the proxy currently handling the request, as opposed to an end-to-end header.
@ -51,3 +49,7 @@ This technique may be useful to detect proxies \(using the cookie technique\) or
* This could be useful in attacks that may allow you to insert new headers \(low probability\)
* Also,it could be useful to bypass defensive functionalities. For example, if the lack of a header means that a request shouldn't be processed by a WAF, you could bypass a WAF with this technique.
## References
{% embed url="https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers" %}