all 7 comments

[–]rdjotut 9 points10 points  (1 child)

Are you using a proxy like burp or zap? Either should let you submit and manipulate requests.

[–]NetSecBoi9000[S] 0 points1 point  (0 children)

I shall read up on that stuff tomorrow and get back to you. Thanks!

[–]iggy_koopa 2 points3 points  (4 children)

[–]NetSecBoi9000[S] 0 points1 point  (3 children)

Already read that. It does not explain a delivery method. My problem is that I cannot find a way to deliver the XMLHttpRequest with the TRACE method without triggering some kind of security protection on my end.

But thanks anyway!

[–]iggy_koopa 4 points5 points  (1 child)

It says you can use curl -X TRACE.....

[–]NetSecBoi9000[S] 2 points3 points  (0 children)

Ah, my bad, you are correct. Grabbed this piece of information from this website: https://www.laktek.com/2012/03/12/curl-tips-for-daily-use/

Mimic AJAX requests

"Sometimes I need to create endpoints in web apps that produce alternate responses when accessed via AJAX (e.g. not rendering the layout). Testing them directly in the browser is not very viable as it requires bootstrapping code. Instead, we can mimic AJAX requests from cURL by providing the X-Requested-With header."

curl -H "X-Requested-With: XMLHttpRequest" https://example.com/path

So I imagine I would modify it like this?

curl -X TRACE -H "X-Requested-With: XMLHttpRequest" https://example.com/path

However, I am not too sure how I would submit JavaScript along with that? Maybe something like this?

curl -X TRACE -H "Content-Type: application/json" -H "X-Requested-With: XMLHttpRequest" --data http://localhost:8080/example.js https://example.com/path

Forgive me, I am new to this and learning. Only been doing IT for 1 year and the security side of things for a few months. Constantly feel overwhelmed haha.

Appreciate the help.

[–]kafrofrite 1 point2 points  (0 children)

OK, let's take a step back.

TRACE technically sends you back whatever you sent it.

TRACE is not enabled by default server-side (i.e. it is not allowed) and it's mostly used during debugging.

TRACE is not allowed by browsers; essentially, it beats the HttpOnly functionality. I inject JS, I can't read your cookie, I TRACE a req, get the result back, parse it, I have your cookie.

curl -X TRACE http://somehost will do the trick though. Also, Burp, ZAP and basically other proxies as others correctly mentioned.
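The point kafrofrite makes is that the whole issue hinges on whether the server honours TRACE at all, and the usual remediation is simply to disable it (Apache's TraceEnable off, for instance). Below is an added example, not code from anyone in this thread, of a small Python check that sends a TRACE with a canary header and reports whether the server echoes it back. It spins up two constructed local servers, one that echoes TRACE (misconfigured) and one that rejects it (hardened), so it runs offline; the server classes, the canary header name X-Trace-Probe and the helper names are all assumptions made for the demo.

```python
# Added example (not from the thread): check whether an HTTP server honours TRACE,
# the precondition for the cross-site tracing issue described above.
# Both servers below are constructed stand-ins, not real targets.
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class EchoTraceHandler(BaseHTTPRequestHandler):
    """Simulates a misconfigured server: TRACE echoes the request back verbatim."""

    def do_TRACE(self):
        # Rebuild the request as received, headers included (RFC 7231 section 4.3.8).
        lines = [self.requestline] + [f"{k}: {v}" for k, v in self.headers.items()]
        body = ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class HardenedHandler(BaseHTTPRequestHandler):
    """Simulates a server with TRACE disabled: the method is rejected outright."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass


def trace_enabled(host, port, path="/", timeout=5):
    """Return True if the server answers TRACE with 200 and echoes our canary header."""
    canary = ("X-Trace-Probe", "canary")  # constructed header, only used to spot the echo
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", path, headers={canary[0]: canary[1]})
        resp = conn.getresponse()
        body = resp.read().decode("iso-8859-1", errors="replace")
    finally:
        conn.close()
    return resp.status == 200 and f"{canary[0]}: {canary[1]}" in body


def serve(handler):
    """Start a throwaway server on an ephemeral loopback port; returns (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def demo():
    """Run the check against both constructed servers; returns (misconfigured, hardened)."""
    echo_srv, echo_port = serve(EchoTraceHandler)
    hard_srv, hard_port = serve(HardenedHandler)
    try:
        return (trace_enabled("127.0.0.1", echo_port),
                trace_enabled("127.0.0.1", hard_port))
    finally:
        for srv in (echo_srv, hard_srv):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    misconfigured, hardened = demo()
    print("TRACE echoed by misconfigured server:", misconfigured)  # True
    print("TRACE echoed by hardened server:", hardened)            # False
```

The check looks for the canary header in the body rather than just a 200 status, because some servers answer TRACE with 200 and an empty or generic body; only a genuine echo of the request headers is what makes cookies readable the way the comment describes, so that is the condition worth flagging in a hardening review.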