Testing for insecure headers
We've previously seen how HTTP responses can be a great source of information for enumerating the underlying web framework in place. We are now going to take this to the next level by using the HTTP header information to test for insecure web server configurations and flagging up anything that can lead to a vulnerability.
Getting ready
For this recipe, you will need a list of URLs that you want to test for insecure headers. Save these into a text file called urls.txt, with each URL on a new line, alongside your recipe.
How to do it…
The following code will highlight any vulnerable headers received in the HTTP response from each of the target URLs:
import requests

# Read one target URL per line; the file is closed automatically when the loop ends
with open("urls.txt", "r") as urls:
    for url in urls:
        url = url.strip()
        req = requests.get(url)
        print(url, 'report:')
        try:
            # Look up the header; a KeyError means the server did not send it at all
            xssprotect = req.headers['X-XSS-Protection']
            if xssprotect != '1; mode=block':
                print('X-XSS-Protection not set properly, XSS may be possible:', xssprotect)
        except KeyError:
            print('X-XSS-Protection not set, XSS may be possible')
        # ... (the recipe's remaining header checks are truncated in the original)
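As an added example (not code from the original recipe), the same idea factored into a function that inspects a headers mapping, so it can be unit-tested offline and extended beyond X-XSS-Protection to the other hardening headers a defender checks for (X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security, Content-Security-Policy). The expected values and the one-year HSTS minimum are assumptions of this example, not from the page; the `audit_url` helper wraps the recipe's `requests.get` call.

```python
import re


def _hsts_max_age(value):
    """Return the max-age in seconds from an HSTS header value, or None if absent."""
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def check_security_headers(headers, min_hsts_age=31536000):
    """Return a list of findings for a mapping of response headers (keys matched case-insensitively)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    # The recipe's original check. The header is deprecated in current browsers,
    # so treat it as a legacy signal of server hardening rather than real XSS protection.
    xss = h.get('x-xss-protection')
    if xss is None:
        findings.append('X-XSS-Protection missing')
    elif xss != '1; mode=block':
        findings.append('X-XSS-Protection not set properly, XSS may be possible: ' + xss)

    xfo = h.get('x-frame-options')
    if xfo is None or xfo.upper() not in ('DENY', 'SAMEORIGIN'):
        findings.append('X-Frame-Options missing or weak, clickjacking may be possible: %s' % xfo)

    if h.get('x-content-type-options', '').lower() != 'nosniff':
        findings.append('X-Content-Type-Options not set to nosniff, MIME sniffing may be possible')

    hsts = h.get('strict-transport-security')
    if hsts is None:
        findings.append('Strict-Transport-Security missing, HTTPS not enforced')
    else:
        age = _hsts_max_age(hsts)
        if age is None or age < min_hsts_age:  # assumed policy: at least one year
            findings.append('Strict-Transport-Security max-age too short or missing: ' + hsts)

    if 'content-security-policy' not in h:
        findings.append('Content-Security-Policy missing, no restriction on script sources')

    return findings


def audit_url(url):
    """Fetch a URL and report its header findings (the recipe's loop body, one URL at a time)."""
    import requests  # imported here so the checks above run without network access
    resp = requests.get(url, timeout=10)
    return check_security_headers(resp.headers)
```

In the recipe's loop, `print(url, 'report:', audit_url(url))` replaces the inline checks; an empty list means no findings.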