Is there a way to add an HTTP header before using a metasploit module

I’m quite confused and I didn’t find a way to figure out how to add a custom header or, for example, an Authentication header before using/running a module on Metasploit.

My question is: is there a way to authenticate “the module” before running it?

Example scenario: a website running WordPress or whatever CMS it is, but you need to perform basic HTTP auth before accessing it.

Would HTTP Header injection allow for an XSS vulnerability if content-type is application/force-download?

I am currently conducting a pentest and I found an application vulnerable to http header injection, where the user input is reflected after the Content-Type header, and the Content-Type is set to application/force-download. That is, the attacker can pass content in the GET parameter that is then reflected in the header. Imagine a request like so:

/vulnerable_application?param=reflected-header_malicious_payload 

Which then yields a response like so:

HTTP/1.1 200 OK
Date: Wed, 06 Nov 2019 22:14:22 GMT
Server: [...]
Content-Length: 2
Content-Type: application/force-download; charset=UTF-16
Content-Disposition: attachment; filename=reflected-header_malicious_payload
Connection: close

I am trying to assess the severity of this finding, in particular whether it would allow for a reflected XSS attack. It seems to me that there is no way to get around the Content-Type: application/force-download, which leads me to believe that the severity is pretty low.

Decrypt T-SQL log backup header and read LSN

For some reason I need to read the LSN from the T-SQL log backups without restoring them or even their headers (I assume even restoring only their headers will change the LSN on the database side too, but I’m not sure).

So are the T-SQL log backup files encrypted, or do they have a special structure? Any information as to where I should start?

Could anyone confirm or deny that restoring the header only wouldn’t affect the sys.fn_dblog or anything else?

Avada: Hide half of header v5 on different pages?

I am currently working on a website using Avada Header version 5, which consists of the fusion-contact-info header (Text + Navigation) and a separate menu with 435px padding to allow for an image to be shown in between the menus on the home page.

The problem is this also spaces the menu out on every single page as it is a global setting.

Ideally, I would like the top menu to disappear on any page not “Home” and only have the Main Navigation “sticky header” to display as the header.

For an example, please visit: https://dunnerslawnservice.com/

Thank you so much

SharePoint 2013 – Set column color based on list header

I’ve a unique requirement for one of my lists. In order to make it easier to read I’ve used this css code to alternate the color of the columns.

table.ms-listviewtable td:nth-child(even) { background: #D0E4F5;} 

Now this is great for most of the columns. However, I have some special columns that need to be different colors (like yellow or green). And due to the views and some other JavaScript I cannot use something like

table.ms-listviewtable td:nth-last-child(2){ background: lightyellow;} 

Would anyone be able to write some javascript that looks at the column header and then sets the background-color of the column?

So if header contains ‘Total’ color the entire column red.

Thanks

Record Header as part of Handshake messages on TCP/IP stack

I knew that the format of the TLS handshake message is as below.

“Record header + Handshake layer header + Handshake message”

Now I am confused while analyzing the TLS handshake messages over TCP. What would the structure look like from the server in response to the client hello?

Note: Since TCP can handle segmentation, I believe server hello, server crt, server key exchange and server hello done can be received in segments and provided to TLS.

Therefore, what does the raw data look like once all the frames have been received by TCP?

Will it be as below?

Record header + Handshake layer header + Server hello + Record header + Handshake layer header + Server crt + Record header + Handshake layer header + server key exchange + Record header + Handshake layer header + server hello done

Or will it omit the record header?

Record header + Handshake layer header + Server hello + Handshake layer header + Server crt + Handshake layer header + server key exchange + Handshake layer header + server hello done
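Both layouts in the question are legal TLS framing, and a parser has to accept either. The following is an added example, not part of the original post: it splits a reassembled TCP byte stream into records, then reads handshake messages from the concatenated record payloads. It assumes an unencrypted TLS 1.2-style server flight; the message bodies are constructed zero-filled placeholders and all function names are hypothetical.

```python
import struct

HANDSHAKE = 22  # record-layer content type for handshake data
NAMES = {2: "server_hello", 11: "certificate",
         12: "server_key_exchange", 14: "server_hello_done"}

def handshake_msg(msg_type, body):
    # Handshake layer header: 1-byte type + 3-byte length
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def record(payload, version=0x0303):
    # Record header: 1-byte content type + 2-byte version + 2-byte length
    return struct.pack("!BHH", HANDSHAKE, version, len(payload)) + payload

def split_records(stream):
    """Return [(content_type, payload)] for a reassembled TCP byte stream."""
    out, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if len(stream) - off - 5 < length:
            raise ValueError("truncated record payload")
        out.append((ctype, stream[off + 5:off + 5 + length]))
        off += 5 + length
    return out

def handshake_messages(stream):
    """Return (record_count, [(message_name, body_length), ...])."""
    records = split_records(stream)
    # Handshake messages are framed inside the concatenated record payloads,
    # so record boundaries and message boundaries are independent.
    data = b"".join(p for ctype, p in records if ctype == HANDSHAKE)
    msgs, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated handshake header")
        mlen = int.from_bytes(data[off + 1:off + 4], "big")
        if len(data) - off - 4 < mlen:
            raise ValueError("truncated handshake body")
        msgs.append((NAMES.get(data[off], str(data[off])), mlen))
        off += 4 + mlen
    return len(records), msgs

# Constructed sample flight (zero-filled bodies, not a real capture)
MSGS = [handshake_msg(2, bytes(38)), handshake_msg(11, bytes(300)),
        handshake_msg(12, bytes(64)), handshake_msg(14, b"")]
FLIGHT = b"".join(MSGS)
ONE_PER_RECORD = b"".join(record(m) for m in MSGS)            # first layout
COALESCED = record(FLIGHT)                                    # second layout
FRAGMENTED = record(FLIGHT[:100]) + record(FLIGHT[100:])      # split mid-message
```

All three streams decode to the same four handshake messages; only the record count differs (4, 1 and 2).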

In a content security policy header: Should the URLs be quoted or not, and is there any security implication to this decision?

So in a CSP like the below:

content-security-policy: upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com

Should the URL part be quoted like this (example from mozilla security) – even though this example has both styles:

# Disable unsafe inline/eval and plugins, only load scripts and stylesheets from same origin, fonts from google,
# and images from same origin and imgur. Sites should aim for policies like this.
Content-Security-Policy: default-src 'none'; font-src 'https://fonts.googleapis.com';
             img-src 'self' https://i.imgur.com; object-src 'none'; script-src 'self'; style-src 'self'

Or unquoted like this:

# Disable unsafe inline/eval, only load resources from same origin except also allow images from imgur
# Also disables the execution of plugins
Content-Security-Policy: default-src 'self'; img-src 'self' https://i.imgur.com; object-src 'none'

[1] Examples from here: https://infosec.mozilla.org/guidelines/web_security#content-security-policy
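In CSP source lists, only keywords, nonces and hashes are single-quoted; host and scheme sources are written bare, and a quoted URL is an invalid source expression that browsers ignore. The following is an added example, not part of the original post: a small quoting check run over the three policies quoted in the question plus one constructed policy. The function name `lint_csp` and the finding labels are hypothetical.

```python
import re

KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval", "unsafe-hashes",
            "strict-dynamic", "report-sample", "wasm-unsafe-eval"}
# Tokens that are valid when single-quoted: keywords, nonces, hashes
QUOTED_OK = re.compile(
    r"^'(?:%s|nonce-[A-Za-z0-9+/_=-]+|sha(?:256|384|512)-[A-Za-z0-9+/_=-]+)'$"
    % "|".join(sorted(KEYWORDS)), re.I)
# Directives other than *-src that also take a source list
SOURCE_LIST_DIRECTIVES = {"frame-ancestors", "form-action", "base-uri"}

def lint_csp(policy):
    """Return [(directive, token, problem)] for quoting mistakes in a CSP."""
    if policy.lower().startswith("content-security-policy:"):
        policy = policy.split(":", 1)[1]
    findings = []
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        if not (name.endswith("-src") or name in SOURCE_LIST_DIRECTIVES):
            continue
        for src in sources:
            if src.startswith("'") and src.endswith("'"):
                # Quoted host/URL: not a valid source, so it matches nothing
                if not QUOTED_OK.match(src):
                    findings.append((name, src, "quoted-host"))
            elif src.lower() in KEYWORDS:
                # Bare keyword: parsed as a host name, not as the keyword
                findings.append((name, src, "unquoted-keyword"))
    return findings

# Policies quoted in the question
PAGE_FIRST = ("content-security-policy: upgrade-insecure-requests; "
              "frame-ancestors 'self' https://stackexchange.com")
PAGE_QUOTED = ("Content-Security-Policy: default-src 'none'; "
               "font-src 'https://fonts.googleapis.com'; "
               "img-src 'self' https://i.imgur.com; object-src 'none'; "
               "script-src 'self'; style-src 'self'")
PAGE_UNQUOTED = ("Content-Security-Policy: default-src 'self'; "
                 "img-src 'self' https://i.imgur.com; object-src 'none'")
# Constructed policy showing the opposite mistake (cdn.example is a placeholder)
CONSTRUCTED = "script-src self https://cdn.example"
```

In the quoted-host case the intended source is simply not allowed, so the directive is stricter than the author meant; the unquoted-keyword case also drops the intended `'self'` and instead allows a host literally named `self`.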

Jumping to anchor within modal with a fixed header

Hi all,
I am having a bit of a problem.
I have a script that is for nested modals, that when a link is clicked it jumps straight to an anchor. It works fine.
However when styling, I would like to have a fixed header as the ".content" div scrolls to the anchor.
When ".content" has a height of 80vh it looks fine, but the script doesn't scroll to the anchor.
When ".content" has a height of 80% the script works, but the fixed header doesn't stay fixed and scrolls with the ".content".
How can I…


Changing File Header using wxHexEditor

I am trying to copy the image header for example a bmp file’s header using wxHexEditor. I load the file and then select the first 54 bytes and then click edit–> copy, it works. But when I upload another file and then select the first 54 bytes of the file, and try to paste the earlier copied first 54 bytes, I can’t see the paste option enabled in the wxHexEditor. I tried bless but it was crashing.

Can somebody please guide me on how to copy and paste the header from one file to another using wxHexEditor? I am using Ubuntu 18.04 and running wxHexEditor using the ‘sudo’ option. I have also changed the permissions to 664.

Zulfi.