I’m writing some scripts to look for vulnerabilities to the padding oracle exploit in ASP.NET for which I need to look at the HttpStatusCode in the response. I’m doing this across a large number of my sites with different scenarios and performance is important. I can do this just fine with the following code:
var req = (HttpWebRequest)WebRequest.Create(uri);
req.AllowAutoRedirect = false;
HttpWebResponse resp;
try
{
resp = (HttpWebResponse)req.GetResponse();
resp.Close();
}
catch (WebException e)
{
resp = (HttpWebResponse)e.Response;
}
responseCode = resp.StatusCode;
The only problem with this is that the entire response body is downloaded (according to Fiddler) which has a bit of a performance impact over a large number of enumerations. So the question is this; is it possible to retrieve just the headers without downloading the entire body?
Maybe I’m not grasping some fundamental HTTP concept properly, but if there’s a way to significantly cut down on the response size and take out some of the variability in response times by pulling complete pages down over the web, I’d love to hear it. Thanks!