Force HTTP response header casing to WWW-Authenticate

This change forces the `WWW-Authenticate` casing for the default HTTP response header on the HTTP/HTTPS honeypot servers. Previously, Go automatically converted it to `Www-Authenticate`. This update matches the casing used by most other web servers. The change is intended to reduce the risk of fingerprinting the honeypot server by making it behave more like a typical web server.
Ryan Smith
2024-11-07 17:13:22 -08:00
parent 7cd36a5018
commit fc43f99af7

@@ -175,7 +175,7 @@ func handleConnection(cfg *config.Server, customHeaders map[string]string) http.
} else {
// Serve the default page that prompts the client for basic
// authentication.
w.Header().Set("WWW-Authenticate", "Basic")
w.Header()["WWW-Authenticate"] = []string{"Basic"}
w.WriteHeader(http.StatusUnauthorized)
}
} else {
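
Review bot: the replacement line `w.Header()["WWW-Authenticate"] = []string{"Basic"}` carries no comment explaining why it bypasses `Header().Set`, and the existing comment above it only describes the basic-auth prompt. As written it reads like a mistake, and a later cleanup could switch it back to `Set`, which would restore the canonicalized `Www-Authenticate` key. Suggest extending the comment to say the map is assigned directly so that net/http does not canonicalize the header name. Because the key is now stored in non-canonical form, `Header().Get`, `Set` and `Del` called with this name will not find the entry. If the `customHeaders` map passed into `handleConnection` can contain the same header and is applied with `Set`, the response could end up with both spellings, so that path is worth checking.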