-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathtrace-desync-attack.bcheck
More file actions
28 lines (25 loc) · 1.27 KB
/
trace-desync-attack.bcheck
File metadata and controls
28 lines (25 loc) · 1.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
metadata:
language: v2-beta
name: "TRACE Method Reflection Test"
description: "Checks if the server supports the TRACE method and reflects request headers, indicating potential for HTTP desync vulnerabilities."
author: "Kaustubh"
given request then
send request called check:
method: "TRACE"
headers:
"Custom-Test-Header": "testvalue"
if {check.response.headers} matches "Custom-Test-Header" then
report issue and continue:
severity: medium
confidence: firm
detail: "Server supports TRACE method and reflects request headers. This behavior can be leveraged for HTTP desync attacks."
remediation: "Disable the TRACE method on the server or ensure that it does not reflect request headers to mitigate potential HTTP desync vulnerabilities."
end if
if {check.response.body} matches "(Apache|Nginx|IIS|Server:[^\r\n]*)" or
{check.response.headers} matches "(Apache|Nginx|IIS|Server:[^\r\n]*)" then
report issue and continue:
severity: low
confidence: firm
detail: "Possible server identification from the response."
remediation: "Consider obfuscating server information to reduce the risk of targeted attacks."
end if