AddHeader
AddHeader modifies an initiated request to add, delete or modify an existing header.
Syntax
AddHeader (STRING name, STRING value)
Where:
Nameis a string (example:Content-Type). If the name already exists, the value of that name will be overwritten with the value specified.Valueis a string (example:text/html). If the value is empty the header will be deleted if it exists.
Return Value
No data returned.
Example
This script will modify some headers in an attempt to launch a Cross Site Scripting attack on log file parsers:
Function Main
Dim HTTPObj As Object
Dim headers As Variant
ip = "www.gfi.com"
port = 80
cr = Chr(13) + Chr(10)
XSSTest = "<script>alert('The new GFI LanGuard features detection of Cross Site Scripting Detection')</script>"
Set HTTPobj = HTTP.Connect (ip,port)
'headers to try
headers = Array ( "Host", "User-Agent", "Accept", "X-Header1" , "X-Proxy", "Cookie" )
HTTPobj.GetURL("/")
HTTPobj.Authentication = 1
'a loop for each header which might be used to
'inject XSS signature. Send a request every time
For a = LBound(headers) To UBound(headers)
HTTPobj.ClearRequestHeaders
HTTPobj.AddHeader headers(a), XSSTest
'Send the GET request with our custom headers
HTTPResponse = HTTPobj.SendRequest ()
echo CStr(a) + " result: " + CStr(HTTPResponse)+cr
Next
End Function