Detect enabled HTTP TRACE methods

Details
Asset Type: DOMAIN, IP, URL
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimate Time (Second): 10

Detect enabled HTTP TRACE methods Detail

Information disclosed by an enabled TRACE method can be used to gain additional information about the target system.

The HTTP TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests that use the TRACE method by echoing in its response the exact request that was received. This behavior is often harmless, but occasionally leads to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. This functionality could historically be used to bypass the HttpOnly cookie flag on cookies, but this is no longer possible in modern web browsers.

Some Advice for Common Problems

The TRACE method should be disabled on production web servers.
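
One way to check for the echo behaviour described above, and to confirm afterwards that TRACE has been disabled. This is an added example, not the scanner's own code; the function names, the `X-Trace-Canary` and `X-Internal-Auth` headers, and the two local test servers are constructed for illustration.

```python
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def trace_enabled(host, port, use_tls=False, timeout=5.0):
    """Send one TRACE probe; return (enabled, header names added in transit)."""
    canary = secrets.token_hex(8)  # random marker: a match can only be an echo
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Trace-Canary": canary})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
    finally:
        conn.close()
    if resp.status != 200 or canary not in body:
        return False, []
    # Echoed header names we did not send were appended in transit (e.g. by a proxy).
    sent = {"host", "accept-encoding", "x-trace-canary"}
    names = [ln.split(":", 1)[0] for ln in body.splitlines()[1:] if ":" in ln]
    return True, [n for n in names if n.lower() not in sent]

class QuietHandler(BaseHTTPRequestHandler):
    """Constructed test server: no do_TRACE, so http.server answers 501."""
    def log_message(self, *args):
        pass

class EchoTraceHandler(QuietHandler):
    """Constructed test server: TRACE enabled, one proxy-style header added."""
    def do_TRACE(self):
        lines = [self.requestline] + [f"{k}: {v}" for k, v in self.headers.items()]
        lines.append("X-Internal-Auth: constructed-value")
        data = "\r\n".join(lines).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

def probe_local(handler):
    """Run a throwaway server on 127.0.0.1 and probe it."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return trace_enabled("127.0.0.1", srv.server_port)
    finally:
        srv.shutdown()
        srv.server_close()
```

A result of `(True, [...])` means the request was echoed back; any header names in the list reached the server without being sent by the client.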
