General Info

Auth headers

# Basic Auth (B64)
Authorization: Basic AXVubzpwQDU1dzByYM==
# Bearer Token (JWT)
Authorization: Bearer <token>
# API Key
GET /endpoint?api_key=abcdefgh123456789
X-API-Key: abcdefgh123456789
# Digest Auth
Authorization: Digest username="admin", realm="abcxyz", nonce="474754847743646", uri="/uri", response="7cffhfr54685gnnfgerg8"
# OAuth2.0
Authorization: Bearer hY_9.B5f-4.1BfE
# Hawk Authentication
Authorization: Hawk id="abcxyz123", ts="1592459563", nonce="gWqbkw", mac="vxBCccCutXGV30gwEDKu1NDXSeqwfq7Z0sg/HP1HjOU="
# AWS signature
Authorization: AWS4-HMAC-SHA256 Credential=abc/20200618/us-east-1/execute-api/aws4_

Common checks

# robots.txt
curl http://example.com/robots.txt
# headers
wget --save-headers http://www.example.com/
# Strict-Transport-Security (HSTS)
# X-Frame-Options: SAMEORIGIN
# X-XSS-Protection: 1; mode=block
# X-Content-Type-Options: nosniff
# Cookies
# Check the Secure and HttpOnly flags on the session cookie
# If a BIG-IP cookie exists, the app is behind a load balancer
# SSL Ciphers
nmap --script ssl-enum-ciphers -p 443 www.example.com
# HTTP Methods
nmap -p 443 --script http-methods www.example.com
# Cross Domain Policy
curl http://example.com/crossdomain.xml
# allow-access-from domain="*"

# Cookies explained
https://cookiepedia.co.uk/
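The header and cookie checks above can be run automatically over the response block that wget --save-headers writes to the top of the saved file. This is an added example, not code from the Pentest Book; the sample response is constructed, and it assumes headers are separated from the body by a blank line with CRLF or LF endings.

```python
from email.parser import Parser

# Constructed sample: the response header block that `wget --save-headers`
# puts at the top of the saved file (assumption: CRLF or LF line endings).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Set-Cookie: BIGipServerpool_web=123456.20480.0000; Path=/\r\n"
    "\r\n"
    "<html></html>"
)

# Header -> accepted values (lower-cased); None means any value counts as present.
EXPECTED_HEADERS = {
    "strict-transport-security": None,
    "x-frame-options": ("deny", "sameorigin"),
    "x-xss-protection": ("1; mode=block",),
    "x-content-type-options": ("nosniff",),
}

def audit_response(raw):
    """Return a list of findings for the header and cookie checks listed above."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]   # drop the body
    _status, _, header_text = head.partition("\n")        # drop the status line
    msg = Parser().parsestr(header_text)  # case-insensitive lookup, keeps repeated Set-Cookie
    findings = []
    for name, allowed in EXPECTED_HEADERS.items():
        value = msg.get(name)
        if value is None:
            findings.append(f"missing {name}")
        elif allowed and value.strip().lower() not in allowed:
            findings.append(f"weak {name}: {value.strip()}")
    for cookie in msg.get_all("Set-Cookie", []):
        cname = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {cname} lacks {flag}")
        if cname.lower().startswith("bigipserver"):
            findings.append(f"cookie {cname}: BIG-IP persistence cookie, app behind a load balancer")
    return findings

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```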

Security headers explanation
