Testing for insecure headers

We've previously seen how HTTP responses can be a great source of information for enumerating the underlying web framework in place. We are now going to take this to the next level by using the HTTP header information to test for insecure web server configurations and flag up anything that can lead to a vulnerability.

Getting ready

For this recipe, you will need a list of URLs that you want to test for insecure headers. Save these into a text file called urls.txt, with each URL on a new line, alongside your recipe.

How to do it…

The following code will highlight any vulnerable headers received in the HTTP response from each of the target URLs:

import requests

urls = open("urls.txt", "r")
for url in urls:
    url = url.strip()
    ...
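
The kind of per-response check this recipe describes, as an added example that is not the book's listing. The header rules, the audit_headers name and the two sample responses are assumptions made for illustration, and the samples are constructed so the block runs offline.

```python
import re

# Rules are this example's assumptions: header -> finding text when absent.
REQUIRED = {
    "strict-transport-security": "missing Strict-Transport-Security",
    "content-security-policy": "missing Content-Security-Policy",
    "x-content-type-options": "missing X-Content-Type-Options",
    "x-frame-options": "missing X-Frame-Options",
}
DISCLOSING = ("server", "x-powered-by")  # often carry product versions


def audit_headers(headers, https=True):
    """Return a list of findings for one response's header mapping."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, message in REQUIRED.items():
        if name == "strict-transport-security" and not https:
            continue  # browsers ignore HSTS received over plain HTTP
        if name == "x-frame-options" and "frame-ancestors" in h.get(
                "content-security-policy", ""):
            continue  # CSP frame-ancestors already restricts framing
        if name not in h:
            findings.append(message)
    if "x-content-type-options" in h and h["x-content-type-options"].lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    for name in DISCLOSING:
        if re.search(r"\d", h.get(name, "")):
            findings.append(f"{name} discloses a version: {h[name]}")
    return findings


# Constructed sample responses (not captured from any real server).
WEAK = {"Server": "Apache/2.2.0", "X-Powered-By": "PHP/5.0.0",
        "X-Content-Type-Options": "sniff"}
HARDENED = {
    "Server": "nginx",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(sample) or "no findings")
```

Inside the loop over urls.txt, the same function can be given the headers attribute of the response returned by requests.get(url), with https set from the URL scheme.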
