LAB 12.2 Spoofing HTTP headers

k0dard

Hello,

I've ran into some unexpected behavior doing lab 12.2.

If I type

nc main.example.com 80

I get the nc prompt, but after I type GET / HTTP/1.1 and hit the first enter, server returns 400 Bad request error.

If I type

printf "GET / HTTP/1.1\r\nHost: node.example.com\r\nReferrer: foo-example.com\r\nUser-Agent: test-browser\r\n\r\n" | nc main.example.com 80

the request passes and so I can do the lab this way.

Out of curiosity, I've tried the first way with some external server and it was behaving as expected (I could type GET... hit enter and continue typing until I hit enter two times consecutively) so I guess that it's something in my server config files that makes nc behave the way it does. I've tried googling a bit but couldn't find anything useful...
I have not changed the default configuration. My server is Apache/2.4.37, installed in a previous lab exercise

Could someone please help ?

Thanks in advance !