kgretzky / pwndrop

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
https://breakdev.org/pwndrop
GNU General Public License v3.0
2.02k stars 259 forks source link

Getting 404 / 302 errors when trying to download files using HEAD / OPTIONS verb #30

Open aconite33 opened 4 years ago

aconite33 commented 4 years ago

Encountered this when trying to insert an image in a phishing payload. Pwndrop doesn't like the HEAD / OPTIONS verb, and ends up returning a 404 / 302 error.

To replicate:

Host an image on pwndrop.

Create a new Excel document. Goto Insert -> Image (Local), then type into the URL into the file name field and click the drop down and click 'insert and link'.

In the logs of pwndrop, you can see that the requests come with OPTIONS and HEAD verbs and return a 404 / 302 error.

This is useful to helping when tracking payloads to see if users open them or not.

Would be a nice additional feature to track users.