Donnerstag, 3. Juli 2014

How i see a website

Sometimes i visit a website (yes i really do) and sometimes i like to take just another look onto it.

So i come around one of mine for example, i can see a nice owncloud login page. Well lets dig a bit deeper

#> curl -I oc.XXX.de
HTTP/1.1 302 Found
Date: Thu, 03 Jul 2014 10:07:22 GMT
Server: Apache/2.4.6 (Ubuntu)
Location: https://oc.XXX.de
Content-Type: text/html; charset=iso-8859-1

Okay, running Ubuntu and Apache. Nice to know but there is a redirect? 302, so lets see

#> curl oc.XXX.de
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://oc.XXX.de">here</a>.</p>
<hr>
<address>Apache/2.4.6 (Ubuntu) Server at oc.XXX.de Port 80</address>
</body></html>
Ah, you want me to use https, okay lets go
curl -I -k https://oc.XXX.de
HTTP/1.1 200 OK
Date: Thu, 03 Jul 2014 09:58:15 GMT
Server: Apache/2.4.6 (Ubuntu)
X-Powered-By: PHP/5.5.3-1ubuntu2.5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: Sameorigin
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *
Set-Cookie: oc29fecb4bf3=vjqdmo6ltkct6s23utu92c2l21; path=/; HttpOnly
Content-Type: text/html; charset=utf-8
So, you use PHP, lets google the version number.... 
Okay so its saucy.

Nice security flags by the way :-)


and the stories go on ....