# recon\_09 (header)

View the exercise here: [PentesterLab: Recon 09](https://pentesterlab.com/exercises/recon_09/course)

### **OBJECTIVE**

For this challenge, your goal is to access the headers from responses.

### **HEADER INSPECTION**

When accessing a web server, it often pays off to check the responses' headers. It's common to find information around version and technologies used.

### **SOLUTION**

When we use this default `curl` command, we don’t get the header.

```bash
curl https://hackycorp.com/
```

<figure><img src="https://290105472-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F89FZKOizBQcf0e0Qdrp8%2Fuploads%2FSzTtFK2QDThNbrU0AXXc%2FScreenshot_2024-08-01_at_03.00.50.png?alt=media&#x26;token=ddefc29b-399a-4a71-acf6-828f378fef27" alt="" width="563"><figcaption></figcaption></figure>

#### **Solution #1:**

{% hint style="success" %}

```bash
curl https://hackycorp.com/ --dump-header - -o /dev/null
```

* **`--dump-header -`** shows the HTTP response headers in the terminal
* **`-o /dev/null`**&#x64;iscards the response body (doesn’t save or display it)
  {% endhint %}

<figure><img src="https://290105472-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F89FZKOizBQcf0e0Qdrp8%2Fuploads%2F7hS0C7JHfn8c8tagcyh9%2Fimage.png?alt=media&#x26;token=18b5bd34-8f37-47b1-b383-26bf32148529" alt="" width="536"><figcaption></figcaption></figure>

#### **Solution #2:**

{% hint style="success" %}

```bash
curl https://hackycorp.com/ --dump-header - -o /dev/null -s
```

* **`-s`** to remove progress bar
  {% endhint %}

<figure><img src="https://290105472-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F89FZKOizBQcf0e0Qdrp8%2Fuploads%2Fg6djonE7ucFPqCUTyO0D%2Fimage%201.png?alt=media&#x26;token=8656903d-fed6-4a0b-8006-0c4abd80690a" alt="" width="563"><figcaption></figcaption></figure>