Episode 350: Using NMap to get HTML Comments from HTTP Responses
Security Weekly Podcast Network (Video) · Security Weekly Productions
November 4, 201318m 11s
Audio is streamed directly from the publisher (dts.podtrac.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Description: Extracts and outputs HTML/JS comments from HTTP responses. Why would someone use the tool or technique ? : "The attached script makes use of patterns to extract HTML comments from HTTP responses. There are times sensitive information may be present within HTML comments. While this does not necessarily represent a breach in security, it can give an attacker leverage useful for exploitation."