Sunday, September 16, 2018

using curl to find support options

The http.request.method  OPTIONS is not  widely used or known but can be used in some case to find support  request methods that a webserver can support and for that URI

Here's an example of a  OPTIONS  request-method for  http://www.example.com/


example1



So in the above we know  "OPTIONS" "GET" "HEAD" "POST" are  the only supported  methods  "


And here's another example

example2



example3


Keep in mind a lot of web-server are not configured for  this function and not recognize this  request method.

In some cases if you send a request method not recognized, the  web-server will send a http.status.code 405   {  HTTP/1.1 405 Method Not Allowed }  and  actually  indicate what is supported.




or

The new trend is to send  back a html body that tells you the request.method is not supported or some other fancy information.


<HTML><HEAD>
<TITLE>Unsupported Request</TITLE>

</HEAD><BODY>

----------------------or----------------
<HTML><HEAD>
<TITLE>Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Reference&#32;&#35;7&#46;827008d1&#46;1537091841&#46;0
</BODY>
--------------------or-----------------
<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx</center>
</body>
</html>

 You might get lucky!









NSE ( network security expert) and Route/Switching Engineer
kfelix  -----@---- socpuppets ---  "*"---com
     ^      ^
=(  @  @ )=
         o

        /  \

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)