Listen to this Post

When using tools like Burp Suite or OWASP ZAP, tracking non-standard HTTP methods like TRACK can reveal valuable insights during penetration testing. For example:
TRACK / HTTP/1.1 Host: example.com User-Agent: Googlebot
A 502 Bad Gateway response suggests:
- The request reached a reverse proxy (e.g., Apache, Cloudflare).
- The backend server or an inline device (WAF, load balancer) rejected the method.
- The gateway failed to handle the response properly.
You Should Know:
Testing Non-Standard Methods
1. Common HTTP Methods:
- Standard:
GET,POST,HEAD, `OPTIONS` - Non-Standard:
PUT,PATCH,DELETE,CONNECT,TRACE, `TRACK`
2. Testing with cURL:
curl -X TRACE http://example.com -H "User-Agent: Googlebot" curl -X TRACK http://example.com -I
3. Burp Suite Repeater:
- Send manual requests with unusual methods (
TRACK,TRACE,MKCOL). - Check for reflected headers or unexpected responses.
4. Response Code Analysis:
– `1xx` (Informational)
– `2xx` (Success)
– `3xx` (Redirection)
– `4xx` (Client Error)
– `5xx` (Server Error, e.g., 502 Bad Gateway)
5. Exploiting TRACE/TRACK:
- If enabled, these methods may allow Cross-Site Tracing (XST), leaking sensitive headers or cookies.
- Test with:
TRACE / HTTP/1.1 Host: vuln-site.com Cookie: session=malicious-test
6. Automated Scanning with Nmap:
nmap --script http-methods --script-args http-methods.url-path=/target/ target.com
7. WAF Bypass Attempts:
- Some WAFs filter standard methods but miss non-standard ones.
- Try `TRACK` or `ARBITRARY` methods to bypass restrictions.
What Undercode Say:
Non-standard HTTP methods like TRACK and TRACE can reveal misconfigurations in proxies, load balancers, or backend servers. While a 502 error doesn’t confirm a vulnerability, it indicates unusual behavior worth deeper inspection. Always test for header reflection, WAF bypasses, and potential XST flaws.
Expected Output:
- 502 Bad Gateway → Investigate proxy/gateway behavior.
- 200 OK on TRACE/TRACK → Check for header leakage.
- Unsupported Method (405) → Move to other attack vectors.
Prediction:
As web infrastructures evolve, misconfigured HTTP methods will remain a key entry point for attackers. Automated scanners may soon incorporate deeper TRACK/TRACE analysis to uncover hidden vulnerabilities.
URLs for further reading:
References:
Reported By: Activity 7331880409724502016 – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


