PT0-003 Question #128: Real Exam Question with Answer & Explanation

The correct answer is D: Modify the scanner user agent.

Submitted by emma.c · Mar 6, 2026 · Vulnerability Discovery and Analysis

Question

A penetration tester attempts to run an automated web-application scanner against a target URL. The tester validates that the web page is accessible from a different device. The tester analyzes the following HTTP request header logging output: Which of the following actions should the tester take to get the scans to work properly?

Options

  • A. Modify the scanner to slow down the scan.
  • B. Change the source IP with a VPN.
  • C. Modify the scanner to only use HTTP GET requests.
  • D. Modify the scanner user agent.

Explanation

The HTTP request logs show that requests using common browser user agents (e.g., Mozilla/5.0) receive a 200 OK response, while requests from automation tools (e.g., curl, python) receive no response. This suggests that the web application is blocking automated scanners based on the User-Agent string. To bypass this restriction, the penetration tester should modify the scanner's User-Agent string to mimic a legitimate browser, such as User-Agent: Mozilla/5.0 (Windows NT 10.0; This change will make the scanner appear as a real browser, allowing it to bypass basic bot

Topics

#web application scanning · #user agent · #evasion techniques · #WAF bypass
