Ltakashvili

Exclude HP WebInspect custom Headers

Hello.
I have a website that is behind a Squid proxy (reverse proxy). I'm doing penetration testing and I successfully launched many commercial and open source automated scanners against this site. Finally, I got WebInspect and started scanning, but every time WebInspect requests are sent, the web server (Squid proxy or the actual website web server) returns "HTTP/1.1 501 Not Implemented".

I got Burp Suite and did the same requests as WebInspect did and I got the same error. So, there are headers that cause this issue:

X-WIPP

X-RequestManager-Memo

X-Request-Memo

Every time I remove these headers, I get an HTTP/1.1 200 OK message. Somehow the Squid proxy or web server doesn't like these headers. I tried to remove these headers via "current scan settings"; there is an option "Attack exclusions", and under it an option "Exclude headers". I added these headers but WebInspect still sends these headers and I'm still getting the "501 Not Implemented" error.

What can I do to remove these headers?

Micro Focus Expert

Re: Exclude HP WebInspect custom Headers

You may have a reverse proxy interfering with the WebInspect Request traffic.  This can occur if there is a Header White-List that is too strict.  You can use the following hidden scan setting to disable these HTTP Request headers made by WebInspect.


Hidden Scan Setting: SuppressMemoHeadersMatchList - Disabling all X-Memo Headers

WebInspect sends a series of Memo headers used internally to identify details about the Request being made.  These can include X-Memo, X-RequestManager-Memo, and X-Request-Memo.  To disable these memo headers in the traffic, you must add a hidden setting to the raw XML file for your saved scan setting file.

"Yes, there is a hidden scan setting to remove memo headers and values using regular expression matches. You can use a regex to match the header name and the value name. The example below will remove all of the memo headers. The header's name does not include the leading "X-". You can have any number of MemoHeaderMatchData elements."


  • For example, this setting will remove all Memo headers:

<Filters version="1" type="SPI.Scanners.Web.Configuration.Data.FiltersData" assembly="SPI.Scanners.Web.Settings" fips="false">
  <SuppressMemoHeadersMatchList>
    <MemoHeaderMatchData version="1" type="SPI.Configuration.Data.MemoHeaderMatchData" assembly="SPI.Configuration.Settings" fips="false">
      <HeaderName>.</HeaderName>
      <Name>.</Name>
    </MemoHeaderMatchData>
  </SuppressMemoHeadersMatchList>
  <RequestFilterList />
  <ResponseFilterList />
</Filters>



-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
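The Filters fragment in the reply above, and the matching rule it expresses, as an added Python example (this is not code from the thread or from the WebInspect product). It builds the fragment with the element and attribute names copied from the posted setting, reads the regex pairs back out, and runs them over a constructed set of request headers. Two things are assumptions: that the Name regex is compared against the header's value (the reply only says "value name"), and that matching is an unanchored re.search; the reply does state that HeaderName is matched without the leading "X-", and that only the Memo headers are in scope, so other headers are left untouched.

```python
import re
import xml.etree.ElementTree as ET

# The three Memo headers named in the reply; only these are candidates for
# suppression in this model. Any other header (X-WIPP included) is left alone.
MEMO_HEADERS = ("X-Memo", "X-RequestManager-Memo", "X-Request-Memo")

# Constructed sample request headers; the Memo and X-WIPP values are made up.
SAMPLE_REQUEST_HEADERS = {
    "Host": "target.example",
    "User-Agent": "Mozilla/5.0",
    "X-Memo": "Audit: Check 4711",
    "X-RequestManager-Memo": "RequestManager: 12",
    "X-Request-Memo": "Request: 8",
    "X-WIPP": "agent-probe",
}


def build_suppress_filters(rules):
    """Emit the <Filters> fragment from the reply, one MemoHeaderMatchData per
    (header_regex, name_regex) pair. Element and attribute names are copied
    from the posted setting."""
    filters = ET.Element("Filters", {
        "version": "1",
        "type": "SPI.Scanners.Web.Configuration.Data.FiltersData",
        "assembly": "SPI.Scanners.Web.Settings",
        "fips": "false",
    })
    match_list = ET.SubElement(filters, "SuppressMemoHeadersMatchList")
    for header_regex, name_regex in rules:
        data = ET.SubElement(match_list, "MemoHeaderMatchData", {
            "version": "1",
            "type": "SPI.Configuration.Data.MemoHeaderMatchData",
            "assembly": "SPI.Configuration.Settings",
            "fips": "false",
        })
        ET.SubElement(data, "HeaderName").text = header_regex
        ET.SubElement(data, "Name").text = name_regex
    ET.SubElement(filters, "RequestFilterList")
    ET.SubElement(filters, "ResponseFilterList")
    return ET.tostring(filters, encoding="unicode")


def parse_rules(filters_xml):
    """Read the (HeaderName, Name) regex pairs back out of a <Filters> fragment."""
    root = ET.fromstring(filters_xml)
    return [(m.findtext("HeaderName"), m.findtext("Name"))
            for m in root.iter("MemoHeaderMatchData")]


def apply_suppression(headers, rules):
    """Model of the setting: a Memo header is dropped when some rule's HeaderName
    regex matches its name without the leading "X-" (as the reply states) and
    the Name regex matches its value (assumption: "value name" read as the
    header value). Unanchored re.search is also an assumption; the real
    engine's anchoring is not documented in the thread."""
    kept = {}
    for name, value in headers.items():
        if name in MEMO_HEADERS:
            bare_name = name[2:] if name.startswith("X-") else name
            if any(re.search(h, bare_name) and re.search(n, value)
                   for h, n in rules):
                continue  # suppressed: not sent to the target
        kept[name] = value
    return kept


if __name__ == "__main__":
    # The reply's "remove everything" rule: "." for both the name and the value.
    xml = build_suppress_filters([(".", ".")])
    print(xml)
    print(apply_suppression(SAMPLE_REQUEST_HEADERS, parse_rules(xml)))
```

Running the block prints the fragment and the header set that would reach the proxy: the three Memo headers are gone while Host, User-Agent and X-WIPP survive, which is why a proxy rejecting unknown X- headers can still fail on X-WIPP after this setting is applied. A narrower pair such as `^RequestManager-Memo$` with `.` removes only that one header, which is a safer first step if you want to keep the other memos in your own traffic captures for correlation.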
anonymouse

Re: Exclude HP WebInspect custom Headers

This does not exclude X-WIPP from the header!


Additionally, where can we find the documentation for these "hidden" settings? These interfere with many scans and I would like to know how to remove them from every scan.

Micro Focus Expert

Re: Exclude HP WebInspect custom Headers

No, this setting would not remove the X-WIPP header as that is not part of this Memo system.  The X-WIPP header is used to communicate with an installed WebInspect Agent on the target server, if present.  Otherwise it is an inert header.  If you wish to remove that from WebInspect, open the Edit menu > Application Settings > General panel, and disable the three boxes found under "WebInspect Agent".


We do not have a listing of hidden settings, but that Memo item was one I knew about.  There is one other setting that helps when a returned value in Parameter1 needs to be used as the submitted value in Parameter2, which only crops up with certain two-tier applications that reuse a Cookie value as some custom state-keeping parameter.  Our developers are often advancing WebInspect's capabilities and so new settings may appear (or disappear) from time to time within the raw XML of a scan setting file.


-- Habeas Data