<h1 align="center"> headerpwn <br> </h1> <h4 align="center">A fuzzer for analyzing how servers respond to different HTTP headers.</h4> <p align="center"> <a href="#install">🏗️ Install</a> <a href="#usage">⛏️ Usage</a> <a href="#proxying-requests-through-burp-suite">📡 Proxying HTTP Requests</a> <br> </p>

Install

To install headerpwn, run the following command:

go install github.com/devanshbatham/headerpwn@v0.0.3

Usage

headerpwn allows you to test various headers on a target URL and analyze the responses. Here's how to use the tool:

  1. Provide the target URL using the -url flag.
  2. Create a file containing the headers you want to test, one header per line. Use the -headers flag to specify the path to this file.

Example usage:

headerpwn -url https://example.com -headers my_headers.txt

Example contents of my_headers.txt:

Proxy-Authenticate: foobar
Proxy-Authentication-Required: foobar
Proxy-Authorization: foobar
Proxy-Connection: foobar
Proxy-Host: foobar
Proxy-Http: foobar
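
The same comparison applied to a handler you own, as an added example (not headerpwn's code): it parses a header file in the one-header-per-line format above, replays each header against a Go http.Handler in-process, and flags responses whose status or body length differs from a no-header baseline. Result, probe, Compare and the handler in main are hypothetical names constructed for this illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type Result struct {
	Header         string
	Status, Length int
	Differs        bool // true when status or length is unlike the no-header baseline
}

// probe runs the handler in-process for one GET, adding one header if name is set.
func probe(h http.Handler, name, value string) Result {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	if name != "" {
		req.Header.Set(name, value)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return Result{Header: name, Status: rec.Code, Length: rec.Body.Len()}
}

// Compare replays each "Name: value" line and flags responses unlike the baseline.
func Compare(h http.Handler, headerFile string) (out []Result) {
	base := probe(h, "", "")
	for _, line := range strings.Split(headerFile, "\n") {
		name, value, ok := strings.Cut(line, ":")
		if name = strings.TrimSpace(name); !ok || name == "" {
			continue // skip blank or malformed lines
		}
		r := probe(h, name, strings.TrimSpace(value))
		r.Differs = r.Status != base.Status || r.Length != base.Length
		out = append(out, r)
	}
	return out
}

func main() {
	// Constructed handler for the demo: answers 400 when Proxy-Host is present.
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Proxy-Host") != "" {
			http.Error(w, "rejected", http.StatusBadRequest)
		}
	})
	fmt.Printf("%+v\n", Compare(h, "Proxy-Authorization: foobar\nProxy-Host: foobar\n"))
}
```

Swap the constructed handler for your application's router to see which of the listed headers change its behaviour before the service is exposed.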

Proxying requests through Burp Suite:

Follow these steps to proxy requests through Burp Suite:

You should be all set:

headerpwn -url https://example.com -headers my_headers.txt -proxy 127.0.0.1:8080

Credits

The headers.txt file is compiled from various sources, including the SecLists project. These headers are used for testing purposes and provide a variety of scenarios for analyzing how servers respond to different headers.