RSS

HTTP Methods Identification

20 Dec

This is a small script that uses netcat in order to connect to a remote web server and to discover which HTTP methods supports.You can see below the source code:

#!/bin/bash

for webservmethod in GET POST PUT TRACE CONNECT OPTIONS PROPFIND;

do
printf "$webservmethod " ;
printf "$webservmethod / HTTP/1.1\nHost: $1\n\n" | nc -q 1 $1 80 | grep "HTTP/1.1"

done

Source Code

Source Code

 

In the next image you can see the script in use:

Demonstration

Demonstration

About these ads
 
5 Comments

Posted by on December 20, 2012 in Coding

 

Tags: ,

5 responses to “HTTP Methods Identification

  1. Thefisherman

    December 20, 2012 at 8:21 am

    Nice one!
    Sometimes i’m getting “Length Required” for POST/PUT which means normally behavioral.
    May be you need to update the script with new input of content-length.

    Cheers

     
  2. Sun Tzu

    December 20, 2012 at 2:02 pm

    #!/bin/bash
    if [ -z $1 ]; then echo “Syntax: ./webSrvMethods.sh example.com 80″
    else
    echo
    printf “HEAD / HTTP/1.1\nHost: $1\n\n” | nc -v -w1 $1 $2
    for webservmethod in GET POST PUT TRACE CONNECT OPTIONS PROPFIND DELETE;

    do
    printf “$webservmethod ” ;
    printf “$webservmethod / HTTP/1.1\nHost: $1\n\n” | nc -v -w1 $1 $2 | grep “HTTP/1″;
    done
    echo
    fi

     
  3. Robin

    December 21, 2012 at 10:44 am

    Don’t forget, you can do

    OPTIONS *

    as well.

    With HTTP 1.1 I’ve found a lot of servers respond to undefined methods as though they were GETs which is useful for bypassing defences which pattern match GET … So it is useful to add a bogus method in as well just to see how the server responds to it.

    And Sun Tzu, I’d make the host header optional, it is sometimes worth checking the bare IP as well.

     
  4. John (@n0x00)

    December 29, 2012 at 8:08 pm

    In Burp Intruder, Payloads,Payload Options (Simple list) there is ‘HTTP Verbs’ you can just set this around the §GET§ or whatever and it will quickly give you all the information you need – without leaving burp :) – you can also add bogus one’s to it*

     
  5. Aaron

    January 14, 2013 at 9:58 am

    There is also an NMAP script “http-methods.nse” that you can use to find this.

    nmap -p 80 example.com –script http-methods

    -Aaron B.

     

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 665 other followers

%d bloggers like this: