Text only | Text with Images

WinBatch® Technical Support Forum

All Things WinBatch => WinBatch => Topic started by: pamsniffer on April 23, 2018, 04:13:37 AM

Title: check on http headers
Post by: pamsniffer on April 23, 2018, 04:13:37 AM
Hi,
How can I check on http header if for example X-XSS-Protection header exist


thx

PAm
Title: Re: check on http headers
Post by: td on April 23, 2018, 01:08:14 PM
It depends on how you are acquiring the webpage in the first place.  For example, if you are using COM Automation and the "WinHttp.WinHttpRequest.5.1" object,  you could use the "GetResponseHeader" or "GetAllResponesHeaders" methods to check for your header of interest.  On the other hand, if you are using the WinInet Extender, you could use the "iHttpHeaders" function to get a complete list of response headers.

If you are accessing the site with some other tool, you will need to use whatever that tool provides for HTTP header examination. 
Title: Re: check on http headers
Post by: td on April 23, 2018, 02:34:51 PM
Here's a Tech DB example that  uses COM Automation to check a specific header:

http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/OLE~COM~ADO~CDO~ADSI~LDAP/WinHttpRequest+WinHTTP~Redirect~.txt
(http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/OLE~COM~ADO~CDO~ADSI~LDAP/WinHttpRequest+WinHTTP~Redirect~.txt)
Another article that uses the WinInet extender:

http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WIL~Extenders/WinInet+Return~Info~on~Web~Server.txt (http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WIL~Extenders/WinInet+Return~Info~on~Web~Server.txt)
Title: Re: check on http headers
Post by: pamsniffer on April 27, 2018, 12:56:09 AM
thx
Title: Re: check on http headers
Post by: pamsniffer on May 06, 2018, 04:44:53 AM
Did some coding


       tophandle=iBegin(0,"","")
       connecthandle=iHostConnect(tophandle, "%aline%", @HTTP,"","")
       datahandle=iHttpInit(connecthandle, "GET", "/", "",0)
       rslt=iHttpOpen(datahandle,"", 0, 0)
       headers=iHttpHeaders(datahandle)
       iClose(datahandle)
       iClose(connecthandle)
       iClose(tophandle)
       delay(1)

       ; CHECK IF SERVER IS ON

       if headers == @TAB then exit
       
       ptr=StrIndexNC(headers,"X-XSS-Protection: ",0,@FWDSCAN)
       If ptr != -1
          ptr2=StrIndex(headers,@TAB,ptr,@FWDSCAN)
          If ptr2==0 Then ptr2=StrLen(headers)
          ptr=ptr+StrLen("X-XSS-Protection: ")
          XXS=StrTrim(StrSub(headers,ptr,ptr2-ptr))
          If XXS  <> ""
            XXS="ENABLED"
           Else
            XXS="Disbaled"
          endif
       EndIf
       

thx for the direction
Title: Re: check on http headers
Post by: stanl on May 07, 2018, 04:52:08 AM
Out of curiosity..... why are you checking headers instead of error codes?
Title: Re: check on http headers
Post by: pamsniffer on May 14, 2018, 01:18:28 PM
I am checking for http security headers to protect the web browerclient.

The program check now on all http security headers.


https://www.keycdn.com/blog/http-security-headers/

Pam
Text only | Text with Images