code.uplex.de/testing/http-echo
http-echo is an HTTP server that echoes all requests in the response.
http-echo [-address host:port] [-log logfile] [-set_prefix prefix]
[-version]
http-echo is an HTTP server that returns a brief summary of the request as well as the request header and body in the response body. It may also set response headers as specified in request headers that have a special prefix (default 'X-Set-') in the request header name.
For example, if http-echo is listening at its default port 7357 on localhost:
$ curl -d 'foo=bar&baz=quux' http://localhost:7357/foo/bar/baz
Server address: 127.0.0.1:7357
Server name: myhostname
Date: 05/Apr/2019:23:37:11 +0200
URI: /foo/bar/baz
Request ID: 9566c74d10037c4d7bbb0407d1e2c649
POST /foo/bar/baz HTTP/1.1
Host: localhost:7357
User-Agent: curl/7.52.1
Content-Length: 16
Accept: */*
Content-Type: application/x-www-form-urlencoded
foo=bar&baz=quux
http-echo returns status 200 OK for every request that it receives, for any URL and request method.
The response body begins with these five lines, followed by the request header and body:
Server address: <address at which the request was received>
Server name: <hostname on which http-echo is running>
Date: <date/time at which the request was received>
URI: <URL path>
Request ID: <ID generated by http-echo for the request>
Request headers with a special prefix, default 'X-Set-', may be used to set response headers. If the request has such a header, then the part of the header name after the prefix becomes the response header name, and the value of the request header becomes the value of the response header.
There can be multiple headers with the "set" prefix in the request, all of which set a response header. If more than one "set" request header designates response headers with the same name, then multiple response headers with that name are set in the response.
For example:
# Using curl -I to show the response headers:
$ curl -I -H 'X-Set-Foo: bar' -H 'X-Set-Baz: quux' http://localhost:7357/foo/bar/baz
HTTP/1.1 200 OK
Baz: quux
Content-Type: text/plain
Foo: bar
Date: Fri, 05 Apr 2019 22:23:08 GMT
Content-Length: 273
# Set the same response header name more than once:
$ curl -I -H 'X-Set-Foo: bar' -H 'X-Set-Foo: baz' http://localhost:7357/foo/bar/baz
HTTP/1.1 200 OK
Content-Type: text/plain
Foo: bar
Foo: baz
Date: Fri, 05 Apr 2019 22:25:26 GMT
Content-Length: 272
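The header mapping described above, as an added Go example that is not http-echo's own code. `reflectHeaders` and `echoOnce` are hypothetical names, and the `allow` filter is an assumption (http-echo documents no such option) showing how an instance reachable by untrusted clients could refuse response header names such as Set-Cookie.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// reflectHeaders copies each request header whose name starts with prefix
// into dst, using the remainder of the name as the response header name.
// allow is a hypothetical filter, not an http-echo flag; nil permits all.
func reflectHeaders(dst, src http.Header, prefix string, allow func(string) bool) {
	// net/http stores names in canonical form, so match the canonical prefix.
	canon := http.CanonicalHeaderKey(prefix)
	for name, values := range src {
		if !strings.HasPrefix(name, canon) || len(name) == len(canon) {
			continue
		}
		target := name[len(canon):]
		if allow != nil && !allow(target) {
			continue
		}
		for _, v := range values {
			dst.Add(target, v) // Add keeps repeated names as separate headers
		}
	}
}

// echoOnce sends one constructed request through a handler that applies
// reflectHeaders with the default prefix and returns the response headers.
func echoOnce(in http.Header, allow func(string) bool) http.Header {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		reflectHeaders(w.Header(), r.Header, "X-Set-", allow)
		w.Header().Set("Content-Type", "text/plain")
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest("GET", "/foo/bar/baz", nil)
	req.Header = in
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Result().Header
}

func main() {
	in := http.Header{"X-Set-Foo": {"bar", "baz"}, "X-Set-Set-Cookie": {"sid=constructed"}}
	got := echoOnce(in, func(n string) bool { return n != "Set-Cookie" })
	fmt.Println(got["Foo"], got["Set-Cookie"])
}
```

With a nil filter the same request also yields a Set-Cookie response header, which is the behaviour the README describes for any name after the prefix.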
http-echo may be used with these command-line flags:
-address host:port
Use 'host:port' as the address at which http-echo listens. The host must be a literal IP address or a host name that can be resolved to IP addresses. If the host is a literal IPv6 address, it must be enclosed in square brackets. If the host is empty or a literal unspecified IP address, as in ":80", "0.0.0.0:80" or "[::]:80", then listen on all available unicast and anycast addresses on the local system. The port must be a literal port number or a service name. The default address is :7357.
-log logfile
Write the server log to 'logfile', or to standard output if 'logfile' is "-". To suppress logging, set -log to /dev/null. By default, http-echo logs to stdout.
http-echo logs requests in a format similar to Common Log Format, including the request ID displayed in the response.
-set_prefix prefix
Use 'prefix' as the prefix for request headers that are used to set response headers. The default prefix is X-Set-.
-version
Print the version and exit.
To pull the Docker image:
docker pull uplex/http-echo[:tag]
Building the binary requires an installation of gogitversion. Re-building README.md requires godoc and pandoc. See the links in SEE ALSO below.
To install the binary:
make install
To build the Docker image:
make container
See the Makefile for additional targets, useful for development.
SEE ALSO
* source code repository: https://code.uplex.de/testing/http-echo
* gogitversion: https://github.com/slimhazard/gogitversion
* pandoc: https://pandoc.org/
Copyright (c) 2019 UPLEX Nils Goroll Systemoptimierung. All rights reserved
Author: Geoffrey Simmons <geoffrey.simmons@uplex.de>
See LICENSE