Questions tagged [http]

Definition: HTTP (the Hypertext Transfer Protocol) provides a standard for Web browsers and servers to communicate. HTTP is defined by a technical specification of a network protocol that software must implement. It is an application-layer protocol built on top of TCP. HTTP clients (such as Web browsers) and servers communicate via HTTP request and response messages. The three main HTTP request methods are GET, POST, and HEAD.

0 votes, 0 answers, 42 views

What's the role of the private key generated by dotnet dev-certs? [closed]

If one uses ASP.NET Core for web development, there's a dotnet dev-certs https -c -t command that can generate a certificate and store it in the OS certificate store so that https connections can be ...
Asked by Dan
0 votes, 1 answer, 137 views

Securely Transfer Files Between 2 Client Facing Systems

How do we securely transfer files using HTTP or another protocol in such a case? I have 2 apps, one behaves like a client and the other like a server. Both apps are publicly available. If I put any secret in the ...
Asked by Sangam
1 vote, 0 answers, 134 views

HTTP headers needed for cross-origin communication with postMessage()/onmessage

I'm experimenting with Direct Sockets TCPServerSocket, TCPSocket, and UDPSocket in an Isolated Web App (IWA) on Chromium browser. The maintainers are trying to uphold the claim that a window can ...
Asked by guest271314
0 votes, 1 answer, 123 views

HTTP site security of reputable source [duplicate]

If I visit a website with an http address, and the publisher of the material is reputable, is there a security concern? In other words, if I know the publisher of the website is not trying to attack me, ...
Asked by Alex
0 votes, 3 answers, 266 views

Is VPN really that required? [closed]

Cracking HTTP with TLS 1.3 would take longer than anyone's life. Some articles said cracking AES 256 by brute force would take around 2,158,000,000,000 years. With VPN, I can bypass geo-blocks, hide ...
Asked by MineOnlyDiamonds
0 votes, 1 answer, 155 views

Block all HTTP/80 traffic? [closed]

We are starting an initiative to remove all insecure protocols. Logically, we would also need to block HTTP / Port 80. And this is where we cannot agree: Some say blocking http/80 is a bad idea. port ...
Asked by user3921232
7 votes, 3 answers, 2k views

Using public-key crypto for all HTTP requests of a session – bad idea?

I'm interested in using public-key cryptography for stateless authentication on websites. The current authentication standard is email + password. Passwords are bad because they can often be guessed, ...
Asked by Dennis Hackethal
12 votes, 4 answers, 6k views

Why are browser HTTP auth schemes stuck in 1999?

Chromium supports Basic, Digest, NTLM, and Negotiate HTTP authentication schemes. Of those, the newest is Negotiate, which was present no later than 1999, because IE5 supported it (!!!). I can't find ...
Asked by rtollert
0 votes, 2 answers, 220 views

Session token shown in the log file

I'm working on a Java web application running on Tomcat. A session token is generated and stored in a cookie when a user authenticates. Unfortunately, when tracing is enabled, Tomcat dumps the value ...
Asked by Algiz
1 vote, 1 answer, 1k views

Is it financially safe to use Stripe for payment processing with the main website in HTTP?

Stripe.com is a service that allows payment processing to be outsourced. In a similar way to OAuth, this works by exchanging tokens. Of course, running one's website on an unencrypted connection is ...
Asked by user2284570
1 vote, 0 answers, 103 views

What is this hacker trying to do by accessing Stack Exchange specific URLs on my site? [closed]

Every week or so, I see a set of requests like this in my server logs: 191.218.140.7 POST /users/login?ssrc=site_switcher&returnurl=https%3a%2f%2fstackoverflow.com%2fusers%2f6333444%...
Asked by mousetail
5 votes, 2 answers, 2k views

How to allow a user to login via client X.509 certificate or username/password?

I have a niche website programmed by a volunteer. Like pretty much every website it's secured via TLS, and the main page doesn't let you do much except login via username & password or request an ...
Asked by JMacSD
1 vote, 1 answer, 151 views

How to reset only TCP connections to my web server which are just TCP packets, but no further HTTP packets

How to reset only TCP connections to my web server which are just TCP packets, but no further HTTP packets? Let's say I have a web server and users connect via browser (so, the flow would be TCP handshake ...
Asked by karthik reddy
1 vote, 1 answer, 882 views

How to securely allow localhost to access through CORS, without exposing it to anyone's localhost?

It is recommended to do this often in web apps: import { NextResponse } from 'next/server' import type { NextRequest } from 'next/server' // Define allowed origins const allowedOrigins = [ 'http://...
Asked by Lance Pollard
1 vote, 1 answer, 182 views

Testing for Broken Object Level Authorization (BOLA) vulnerabilities

I'm a security-conscious developer looking to improve the security of my web application. I've been researching Broken Object Level Authorization (BOLA) vulnerabilities and want to ensure that my ...
Asked by Jo Pan
0 votes, 0 answers, 182 views

Medusa error when running

I am attempting to perform basic pen testing. I successfully used Hydra; however, I am having some issues with Medusa... I keep getting a Segmentation fault after running the command. Can anyone help ...
Asked by AnonymousGoose
2 votes, 1 answer, 770 views

Can SOCKS5 proxies work similar to HTTP CONNECT?

I have difficulties understanding SOCKS5 proxies. I would like to know if I can avoid SOCKS5 proxies seeing the traffic between the client and destination. I would like to achieve something similar to ...
Asked by Biriry
2 votes, 3 answers, 474 views

Is there a security reason why few CAs offer IP-based SSL/TLS certificates?

I've heard numerous times that few CAs offer IP-based SSL/TLS certificates. This question seems extremely similar, but what the accepted answer says is: Usual commercial CA won't accept to encode IP ...
Asked by security_paranoid
0 votes, 1 answer, 547 views

Is it safe to use HTTP if no sensitive information is being transmitted? [duplicate]

In the interest of security, is it safe to use HTTP (and not HTTPS) on a website where no sensitive information is being transmitted? On a website that is purely informational, for example, and doesn'...
Asked by security_paranoid
1 vote, 0 answers, 247 views

I have an open redirect but it requires a Referer header

I have a question which I didn't find an answer for: I have a request like https://mywebsite.com/redirect/**any website to redirect to it** In the backend, there is a check, where if the website the ...
Asked by niopiop poiu
1 vote, 1 answer, 186 views

Basic monitoring of web applications (HTTP headers, HSTS)

I would like to set up some basic monitoring of outgoing traffic for a number of web applications and APIs running in AWS, e.g. ensure specific HTTP headers are in place (Content-Security-Policy and ...
Asked by Andreas F
2 votes, 2 answers, 280 views

How do I capture HTTPS requests with Python if I have full access to the user's computer?

Before any of you answer, "HTTPS is built on top of TLS and everything is encrypted," I need to specify a very important note: I have FULL access to the client's machine (Windows). My ...
Asked by Advik
2 votes, 2 answers, 666 views

Should an HTTP error 500 triggered by an XSS payload be reported as a potential vulnerability?

So, long story short, I was using an automated vulnerability scanner on a website (bounty hunting is allowed and encouraged), and it works by injecting payloads in forms and URLs etc., to trigger ...
Asked by security_paranoid
2 votes, 0 answers, 99 views

Trying to send a POST request using curl to a HTB machine

I'm trying to perform an SSRF attack on a Hack The Box machine (editorial.htb). I'm trying to send a POST request using curl with the command curl --data "hckyou.txt" -X POST http://...
Asked by urim260
19 votes, 4 answers, 8k views

HTTP: how likely are you to be compromised by using it just once?

My question is, if somebody, today, in 2024, sent a password or a credit card number to some random HTTP website just once, how likely is that password or credit card number to be found on a hacker ...
Asked by SteveT
1 vote, 2 answers, 782 views

CSRF Prevention Using Signed Cookies And Custom Headers

Recently I was reading about CSRF prevention techniques like Synchronizer Token, Cookie-to-header, and Double Submit Cookie. Cookie-to-header is good for websites using a lot of JavaScript, e.g. SPAs, ...
Asked by Omar Ahmed
2 votes, 1 answer, 151 views

What are the risks of using HTTP when capturing open events on an email?

I want to configure a custom domain for open and click tracking in Amazon Simple Email Service (SES). However, I've encountered a limitation where Amazon SES only allows HTTPS domains for tracking ...
Asked by dandaman12
1 vote, 1 answer, 145 views

Does the CORS asterisk / wildcard include both encrypted and unencrypted origins?

Does the CORS asterisk / wildcard (*) include both encrypted (https) and unencrypted origins (http)? And is the null origin (i.e., when a local file is doing an XMLHttpRequest, or within an iframe ...
Asked by Booger21
1 vote, 1 answer, 196 views

Profiling and monitoring webserver execution over HTTP requests at the kernel level

I would like to know if there is a way to run an app to exhaustion in terms of all possible outcomes that it can provide. What do I mean by that: Let's assume that someone has an (Apache) HTTP Server. ...
Asked by und3rd06012
1 vote, 0 answers, 562 views

Bettercap not detecting HTTPS websites (?)

The built-in sslstripping feature (http.proxy.sslstrip) in bettercap is not working against HTTPS websites. In this issue I will be using cygwin.com and winzip.com as examples; as we can see they are ...
Asked by LuckyCoder3607
1 vote, 1 answer, 128 views

Command Injection in URLs. Are response codes a foolproof indicator of true/false positive?

Take this HTTP request as an example. GET /directory/blahblah/ping%20interact.sh Say this request receives any 3xx, 4xx, 5xx HTTP response code. Is it likely or even possible that a backend web server ...
Asked by jakechowder
0 votes, 0 answers, 130 views

Overcoming Middleware: Exploiting XSS to Retrieve Data

I am attempting to perform an XSS attack on my server and have successfully bypassed the CSP. In my server code, I store all users in the following manner: .get("/users", adminReq, (req, ...
Asked by ZedORYasuo
0 votes, 0 answers, 35 views

Is it possible to see HTTPS traffic without intercepting? (With a copy of the traffic) [duplicate]

I have a WAF solution that can work both inline and out-of-band, and we want to try the OOB option first. We possibly want to see HTTPS traffic as well, but the vendor says if we want to see the ...
Asked by Sjomann
0 votes, 2 answers, 278 views

Is there a way to exploit / make an exploit scenario for header-based reflected XSS?

I've found a reflected XSS, but the problem is that the attack vector is the header (any header). Is there a way to develop an exploit scenario based on this?
Asked by 0xdead 4f
1 vote, 2 answers, 120 views

Preventing Data Tampering in HTTPS Requests: Safeguarding User-Initiated Donations

Could a Man-in-the-Middle (MITM) attack compromise the integrity of user-initiated transactions over HTTPS? Specifically, if a user selects an amount to donate on a website, is it possible for a ...
Asked by user23570085
0 votes, 3 answers, 6k views

Using HTTP header to transmit client certificate for mTLS

My client says their API traffic must take the path WAF -> Custom Firewall -> Backend API. Also, mTLS must be terminated after the traffic has gone through the network appliance. I have created ...
Asked by chriaass
0 votes, 1 answer, 634 views

CRLF in HTTP/2 header value

I am attempting to inject a carriage-return + newline in an HTTP request header value. My understanding is that this is possible with HTTP/2 and HTTP/3. However, when I send a request with Burp I get ...
Asked by Sjoerd
1 vote, 0 answers, 138 views

Is it possible to track cross-origin redirection?

I can successfully iframe a page on origin B from origin A (no x-frame-deny, content security policy, etc.). A page on origin B (page X) redirects to a page on origin C (page Y) with a server side ...
Asked by asdfasdf
0 votes, 0 answers, 170 views

Cache poisoning from RFC 6455 (WebSockets) not requiring server message to be masked?

In RFC 6455 section 10.3, it explains why they have made clients mask their outgoing frames (so that a malicious server cannot manipulate a client into sending something in plaintext, as the message ...
Asked by Secto Kia
0 votes, 1 answer, 118 views

Can token decryption endpoint response code variability lead to security vulnerabilities?

To clarify the question, here's our case: We generate encrypted tokens by applying AES-CBC (256 bit) and Base64 to the payload: encrypted_token = Base64.encode(AES_CBC_256.encrypt(key, iv, payload)). ...
Asked by vetements
0 votes, 0 answers, 672 views

How to properly use cURL --data-binary to send a request payload

This question is out of pure curiosity. I know I can send multipart formposts using curl's --form/-F option. However, I was curious to see if the same can be done with the --data-binary option? For ...
5 votes, 2 answers, 1k views

Is an HttpOnly token without CSRF safe?

How can a hacker steal my session where my form does not have CSRF tokens but my session cookies are HttpOnly? How would he get my session cookie in this case? Is this possible? For example, to be ...
Asked by H01F
0 votes, 1 answer, 352 views

A URL is followed by a number, what is its vulnerability?

A URL is followed by a number. Changing the number will change the content of the web page. Now I know it's insecure direct object reference (IDOR). What should I do to fix this vulnerability?
Asked by Xiling
1 vote, 1 answer, 767 views

SSRF through Gopher

The Gopher protocol is used a lot when exploiting SSRF, but how? A Gopher URL takes the form: gopher://<host>:<port>/<gopher-path> but let's take this example: gopher://10.10.10.3:80/...
Asked by kdkz
1 vote, 0 answers, 235 views

Can a proxy server view the request and response bodies? [duplicate]

I'm digging into proxies and VPNs to wrap my head around their security aspects. Wondering: can a proxy server sneak a peek at my raw requests and maybe even tweak them a bit? My connections are HTTPS.
Asked by Sarkar
2 votes, 1 answer, 795 views

Is prohibiting cookies a viable CORS alternative?

I have been using lots of various APIs in my frontend lately and they all have to be properly configured with CORS, and the browser always does an extra OPTIONS request that only makes debugging harder. I ...
Asked by Ilya Chernomordik
2 votes, 2 answers, 921 views

How do you verify if a request is from a genuine user or from a malicious user? [closed]

Consider client A, which wants to verify payments, and server B, which verifies payments. Client A sends around a million requests to server B's API in a single day. However, only 1% of the requests ...
Asked by Team B.I
8 votes, 2 answers, 450 views

Why are HMAC signatures frequently used for webhook authorization but not other HTTP API requests?

HMAC signatures are very commonly used for webhook authorization from service to consumer. Examples: Stripe, Slack, Twilio, Twitter, GitHub and hundreds and hundreds more. This seems a near universal ...
Asked by Paul Draper
2 votes, 0 answers, 180 views

How to retrieve the TLS unique value from Apache?

The TLS unique value is present in TLS 1.2. In Golang, I can get the TLS unique value from the http response through the field TLS. I'd like to know how I can get it from Apache. Is ...
Asked by MoBe
1 vote, 1 answer, 1k views

Is it secure to use a session ID as an authentication token received from an HTTP header?

I am writing a mobile application for an already existing web app. In the backend, I implemented the usual cookie-based session ID authentication, with a CSRF token generated on login and sent with ...
Asked by TommyGun