RE: HEAD request



That's correct, hence why I wrote "usually".

A Firewall/WAF/Proxy may be blocking this and dropping the connection
altogether.

Although my guess is that the problem lies somewhere in the netcat
usage. I noticed that NetCat has some quirks when connecting to IIS/6.x
- in some scenarios the connection is dropped if you try to send HTTP
traffic through the command line.

I think that the best way to check if this is the problem is to use a
file input:
nc www.some.site 80 < file

And make sure that the file has the two CRLFs after the request, for
example:
HEAD / HTTP/1.0
[CRLF]
[CRLF]

-Ory Segal


-----Original Message-----
From: Levenglick, Jeff [mailto:JLevenglick@xxxxxxxxxxx]
Sent: Monday, September 11, 2006 6:38 PM
To: Ory Segal; vijay shetti; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: HEAD request

Not always. Someone could have it blocked on a proxy/firewall.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Ory Segal
Sent: Monday, September 11, 2006 4:42 AM
To: vijay shetti; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: HEAD request

Hi,

Have you tried any other HTTP methods? Did they work?

Usually, if an HTTP method is not allowed, you should receive an error
message (e.g. 403).

-Ory Segal
Watchfire ( http://www.watchfire.com )


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of vijay shetti
Sent: Saturday, September 09, 2006 11:14 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: HEAD request

Hello all!!!

I am doing assessment of a web server

When I issue HEAD request using nc I don't get any response from the
webserver and I get disconnected after some time.
What should I conclude from that? Does it mean that the administrator has
blocked HEAD requests?

regards,
Vijay
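
Added example, not part of the original thread: a shell sketch of the file-input check suggested above. It writes the HEAD request with explicit CRLFs, refuses to send a file that does not end in CRLF CRLF, and separates "got an HTTP status" from "got nothing back". The function names, the 10-second nc timeout and the file arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names and file arguments are hypothetical.

# Write a HEAD request whose request line and terminating blank line
# both end in CRLF (an editor on Unix would normally save bare LFs).
write_head_request() {    # usage: write_head_request FILE [URL_PATH]
    printf 'HEAD %s HTTP/1.0\r\n\r\n' "${2:-/}" > "$1"
}

# Succeed only if the last four bytes of FILE are CR LF CR LF.
ends_with_crlf_crlf() {   # usage: ends_with_crlf_crlf FILE
    [ "$(tail -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "0d0a0d0a" ]
}

# Print the status code from a saved response, or "no-response" when
# the first line is not an HTTP status line (e.g. the file is empty).
classify_response() {     # usage: classify_response FILE
    code=$(head -n 1 "$1" | tr -d '\r' |
        sed -n 's#^HTTP/[0-9.]* \([0-9][0-9][0-9]\).*#\1#p')
    if [ -n "$code" ]; then echo "$code"; else echo "no-response"; fi
}

# Send REQUEST_FILE with nc and classify whatever comes back.
# -w 10 makes nc give up after 10 seconds (assumed value).
probe() {                 # usage: probe HOST PORT REQUEST_FILE RESPONSE_FILE
    ends_with_crlf_crlf "$3" || { echo "bad-terminator"; return 1; }
    nc -w 10 "$1" "$2" < "$3" > "$4"
    classify_response "$4"
}
```

A numeric result such as 403 means the server answered and rejected the method; "no-response" with a correctly terminated request file points at something in the path dropping the connection rather than at the request formatting.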

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


