All Questions
32 questions
1vote
2answers
227views
How to prevent attacks on a personal webserver
I'm currently working on some modules on hackthebox. In that regard, I recently set up a web service: sudo python3 -m http.server 8080 When I did a wget to my server, it showed up in the log as usual, ...
- 49
1vote
1answer
2kviews
What are these http requests trying to break?
I recently started receiving some really strange http traffic, and I'd like to understand what it's trying to do. Some of it seems like sql injection attempts, but the strings are appearing in the ...
0votes
0answers
249views
What is this HTTP attack full of backslash encoded data? [duplicate]
I use nginx configured with HTTPS and an unsigned cert to send files to people sometimes. Despite being just an IP address listed no where, I get traffic from various crawlers and other bots. The ...
- 101
1vote
1answer
351views
In which settings is it possible to launch a HTTP Response Splitting Attack but not completely replace the HTTP message?
I wondered in which settings is it possible to launch a HTTP Response Splitting Attack but not completely replace the HTTP message? The examples I saw all allowed full replacement of the HTTP response,...
- 452
0votes
0answers
353views
SSL stripping - how is it possible to send back the HTTP page? [duplicate]
Been trying to wrap my head around SSL stripping. An explanation here writes: Keep in mind, however, that when you install SSL, you’re essentially creating a duplicate of your website with HTTPS URLs....
1vote
2answers
1kviews
How to understand a single packet embedded with multiple requests?
When I read Multi VERB Single Request: This Attack is also a variation of the Excessive Verb Attack strategy. The attacking BOT creates multiple HTTP requests, not by issuing them one after another ...
0votes
2answers
261views
Can a Slow Post HTTP attack be done from a single client?
Can a Slow Post HTTP attack be done from a single client? The following source cites this line: https://medium.com/fantageek/understanding-socket-and-port-in-tcp-2213dc2e9b0c Ports are 16-bit numbers,...
0votes
0answers
192views
server logs invalid HTTP_HOST header, Bad request, 400 [duplicate]
I created a Digital Ocean droplet recently, to learn how to make Django app. Eventually they say I should use Gunicorn to serve and Nginx to face the world, however, in very early stage of learning ...
1vote
2answers
420views
Replicate HTTP GET request [closed]
I'm trying to verify an attack called Dahua Vulnerability. In the PCAP I've got: GET /current_config/passwd HTTP/1.1 Host: xxx.xxx.xxx.xxx How can I replicate this attack to show if an attacker got ...
- 13
0votes
2answers
1kviews
Locale detection & huge Accept-Language header, can this be considered an atack vulnerability?
I was looking for some examples of automatic locale detection as I needed to do the same in my PHP app. Most of the answers I found were similar, only differing in the parsing methods. An example '...
- 111
2votes
2answers
2kviews
Beginner-friendly tool to simulate HTTP flood on my website
Is there any easy-to-use tool available I can use to produce an HTTP GET flood on a website I maintain? If so, can you also explain in steps how to use it? I need to do this for testing purposes. Our ...
- 358
26votes
4answers
9kviews
Understanding HTTP GET attack requests
I have captured some web attacks. I am trying to understand what purpose does each attack request achieve. GET /site/public/timing?<!+XSS="><img+src=xx:x+onerror=alert(14721850.00337)//"> ...
- 269
1vote
0answers
338views
Was this some sort of hack attempt? [duplicate]
I was running python -m http.server that's just a simple http server so I could transfer a file. While my server was up (on a public-facing port) it received the following: 93.174.93.136 - - [22/Aug/...
- 1,855
62votes
3answers
41kviews
What kind of attack is prevented by Apache2's error code AH02032 ("Hostname provided via SNI and hostname provided via HTTP are different")?
I saw in my Apache2 server logs messages like [ssl:error] [pid 28482] AH02032: Hostname xxx.yyy.zzz.www:443 provided via SNI and hostname xxx.yyy.zzz.www provided via HTTP are different One of ...
- 1,698
65votes
5answers
20kviews
HTTPS web service switched to HTTP. What can go wrong?
I recently visited a website which used to have an HTTPS connection. Now it has just a plain HTTP connection, and the authentication method has changed from user+password to "authenticate with Google ...
- 663
