Distinguish between HTTP and HTTPS response

rfc-st / humble

A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.

https://github.com/rfc-st/humble

MIT License

255 stars 18 forks source link

Distinguish between HTTP and HTTPS response #15

Closed stanley101music closed 9 months ago

stanley101music commented 10 months ago

Is your feature request related to a problem? Please describe. When checking headers for HTTP and HTTPS the output file has the same name, thus overwriting the result of another one. Also, the result of the header should stick to the given URL. Currently, humble will follow the redirection or get the response headers using HTTPS even when HTTP schema is specified

Describe the solution you'd like Provide an option for specifying the output file name. I've seen the previous issue #5 and it's solution. However, I think it'll be more flexible to allow others to choose their own filename instead of adding the new attribute to the original filename.

Provide an option for the user to choose whether automatic redirection is necessary.

rfc-st commented 10 months ago

Hello again @stanley101music,

Thanks for your contributions, as always. Please take a look at this commit: https://github.com/rfc-st/humble/commit/92664d1db9a92f99054e2b42229bd33897ffaa48

I have modified the name of the file where the results are exported, including in it the URL scheme; ex. "_https_www.spacex.com20231124.json" (I have removed the literal 'headers').
I have included a new parameter, '-df', which indicates that no redirects will be followed: the URL indicated will be exactly the one analyzed.
I have included a note in the first section of the results ("[0. Info]" section) when this new parameter is provided.

Please check it. I think that, except for your suggestion to define a custom name in the result export file (I prefer, for now, to keep it that way) it would be all done.

Thanks and have a nice weekend!

Best regards,

stanley101music commented 10 months ago

Hi @rfc-st,

Thanks for your prompt response as always. I have tested the latest version, and it works very well. One more thing that might need to be considered is that there might be different ports open on the same website with identical schema, e.g., cloudflare.com uses 80 and 8080 ports with HTTP. In this case, the output file will have the same issue as overwriting each other. Perhaps the port attribute can also be added to the filename.

Best regards,

rfc-st commented 10 months ago

Hello,

Hum ... interesting. I'll take a look tomorrow.

Thanks!

rfc-st commented 9 months ago

Hi @stanley101music,

Please take a look at this commit: https://github.com/rfc-st/humble/commit/4bf057b32482c06ea8c45b7dc8f0371917064590

.- Now, if a port is specified in the URL to be analyzed, the export filename will include it. E.g., for the URL https://www.spacex.com:443, the filename would be _https_www.spacex.com_44320231125.html.

Please check it and confirm that with this change I can close this issue.

Thank you!

stanley101music commented 9 months ago

Hi @rfc-st ,

I've checked with the commit. Everything works well, and the result won't overwrite each other.

Thanks for the enhancement, the issue can now be closed.

Best regards,