External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-18 03:55:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
nuclei/pkg/input/formats/testdata/ginandjuice.proxify.yaml
Ice3man fa56800fcc
Fuzzing layer enhancements + input-types support (#4477) 
* feat: move fuzz package to root directory

* feat: added support for input providers like openapi,postman,etc

* feat: integration of new fuzzing logic in engine

* bugfix: use and instead of or

* fixed lint errors

* go mod tidy

* add new reqresp type + bump utils

* custom http request parser

* use new struct type RequestResponse

* introduce unified input/target provider

* abstract input formats via new inputprovider

* completed input provider refactor

* remove duplicated code

* add sdk method to load targets

* rename component url->path

* add new yaml format + remove duplicated code

* use gopkg.in/yaml.v3 for parsing

* update .gitignore

* refactor/move + docs fuzzing in http protocol

* fuzz: header + query integration test using fuzzplayground

* fix integration test runner in windows

* feat add support for filter in http fuzz

* rewrite header/query integration test with filter

* add replace regex rule

* support kv fuzzing + misc updates

* add path fuzzing example + misc improvements

* fix matchedURL + skip httpx on multi formats

* cookie fuzz integration test

* add json body + params body tests

* feat add multipart/form-data fuzzing support

* add all fuzz body integration test

* misc bug fixes + minor refactor

* add multipart form + body form unit tests

* only run fuzzing templates if -fuzz flag is given

* refactor/move fuzz playground server to pkg

* fix integration test + refactor

* add auth types and strategies

* add file auth provider

* start implementing auth logic in http

* add logic in http protocol

* static auth implemented for http

* default :80,:443 normalization

* feat: dynamic auth init

* feat: dynamic auth using templates

* validate targets count in openapi+swagger

* inputformats: add support to accept variables

* fix workflow integration test

* update lazy cred fetch logic

* fix unit test

* drop postman support

* domain related normalization

* update secrets.yaml file format + misc updates

* add auth prefetch option

* remove old secret files

* add fuzzing+auth related sdk options

* fix/support multiple mode in kv header fuzzing

* rename 'headers' -> 'header' in fuzzing rules

* fix deadlock due to merge conflict resolution

* misc update

* add bool type in parsed value

* add openapi validation+override+ new flags

* misc updates

* remove optional path parameters when unavailable

* fix swagger.yaml file

* misc updates

* update print msg

* multiple openapi validation enchancements + appMode

* add optional params in required_openapi_vars.yaml file

* improve warning/verbose msgs in format

* fix skip-format-validation not working

* use 'params/parameter' instead of 'variable' in openapi

* add retry support for falky tests

* fix nuclei loading ignored templates (#4849)

* fix tag include logic

* fix unit test

* remove quoting in extractor output

* remove quote in debug code command

* feat: issue tracker URLs in JSON + misc fixes (#4855)

* feat: issue tracker URLs in JSON + misc fixes

* misc changes

* feat: status update support for issues

* feat: report metadata generation hook support

* feat: added CLI summary of tickets created

* misc changes

* introduce `disable-unsigned-templates` flag (#4820)

* introduce `disable-unsigned-templates` flag

* minor

* skip instead of exit

* remove duplicate imports

* use stats package + misc enhancements

* force display warning + adjust skipped stats in unsigned count

* include unsigned skipped templates without -dut flag

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* Purge cache on global callback set (#4840)

* purge cache on global callback set

* lint

* purging cache

* purge cache in runner after loading templates

* include internal cache from parsers + add global cache register/purge via config

* remove disable cache purge option

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>

* misc update

* add application/octet-stream support

* openapi: support path specific params

* misc option + readme update

---------

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com>
Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
2024-03-14 03:08:53 +05:30

269 lines
17 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

timestamp: 2024-02-20T19:24:13+05:30
url: https://ginandjuice.shop/blog/post?postId=3&source=proxify
request:
header:
Accept-Encoding: gzip
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
host: ginandjuice.shop
method: GET
path: /blog/post
scheme: https
raw: |+
GET /blog/post?postId=3&source=proxify HTTP/1.1
Host: ginandjuice.shop
Accept-Encoding: gzip
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
response:
header:
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Feb 2024 13:54:13 GMT
Set-Cookie: AWSALB=9l3X2bRs5JVQp5cO8o7xLckrdo3FZIQzbS0ga0n4ctfDApb/nn0K6AiSLLAMbG7CCDHqKOj9kQdyj6T2RzBDULszJ+2Oy8KcyuOKhFsCGVTVabnJTkVwhyXLciFt; Expires=Tue, 27 Feb 2024 13:54:13 GMT; Path=/, AWSALBCORS=9l3X2bRs5JVQp5cO8o7xLckrdo3FZIQzbS0ga0n4ctfDApb/nn0K6AiSLLAMbG7CCDHqKOj9kQdyj6T2RzBDULszJ+2Oy8KcyuOKhFsCGVTVabnJTkVwhyXLciFt; Expires=Tue, 27 Feb 2024 13:54:13 GMT; Path=/; SameSite=None; Secure, session=ymwLa8dKmWjLl43BBpQnrp5LkFZraYkp; Secure; HttpOnly; SameSite=None
X-Backend: ea6c1d8c-a8e5-4bef-b8db-879bbb13cf62
X-Frame-Options: SAMEORIGIN
raw: |+
HTTP/1.1 200 OK
Connection: close
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Feb 2024 13:54:13 GMT
Set-Cookie: AWSALB=9l3X2bRs5JVQp5cO8o7xLckrdo3FZIQzbS0ga0n4ctfDApb/nn0K6AiSLLAMbG7CCDHqKOj9kQdyj6T2RzBDULszJ+2Oy8KcyuOKhFsCGVTVabnJTkVwhyXLciFt; Expires=Tue, 27 Feb 2024 13:54:13 GMT; Path=/
Set-Cookie: AWSALBCORS=9l3X2bRs5JVQp5cO8o7xLckrdo3FZIQzbS0ga0n4ctfDApb/nn0K6AiSLLAMbG7CCDHqKOj9kQdyj6T2RzBDULszJ+2Oy8KcyuOKhFsCGVTVabnJTkVwhyXLciFt; Expires=Tue, 27 Feb 2024 13:54:13 GMT; Path=/; SameSite=None; Secure
Set-Cookie: session=ymwLa8dKmWjLl43BBpQnrp5LkFZraYkp; Secure; HttpOnly; SameSite=None
X-Backend: ea6c1d8c-a8e5-4bef-b8db-879bbb13cf62
X-Frame-Options: SAMEORIGIN
---
timestamp: 2024-02-20T19:24:13+05:32
url: https://ginandjuice.shop/users/3
request:
header:
Accept-Encoding: gzip
Authorization: Bearer 3x4mpl3t0k3n
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
host: ginandjuice.shop
method: POST
path: /catalog/product
scheme: https
raw: |+
POST /catalog/product?productId=3 HTTP/1.1
Host: ginandjuice.shop
Authorization: Bearer 3x4mpl3t0k3n
Accept-Encoding: gzip
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
response:
header:
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Feb 2024 13:54:13 GMT
Set-Cookie: AWSALB=Rzm8ZSSL/yQq1mG1SdGmWAahqexWvOcjIhlNKm0wBnk4jvY3Hdy3mRc+NKoMRNJ2RW+FNbtRk7DX+itnfzjMvKNpwtLWWAafxeKybc+v351g0MsLycRNQF5fG78y; Expires=Tue, 27 Feb 2024 13:54:13 GMT; Path=/, AWSALBCORS=Rzm8ZSSL/yQq1mG1SdGmWAahqexWvOcjIhlNKm0wBnk4jvY3Hdy3mRc+NKoMRNJ2RW+FNbtRk7DX+itnfzjMvKNpwtLWWAafxeKybc+v351g0MsLycRNQF5fG78y; Expires=Tue, 27 Feb 2024 13:54:13 GMT; Path=/; SameSite=None; Secure, session=fFcCUjmQguQy820Y8xrnRypp3KBWSPk6; Secure; HttpOnly; SameSite=None
X-Backend: 2235790d-f089-4324-8ac0-f64cc96f2460
X-Frame-Options: SAMEORIGIN
body: |
<!DOCTYPE html>
<html>
<head>
<link href=/resources/labheader/css/scanMeHeader.css rel=stylesheet>
<link href=/resources/css/labsScanme.css rel=stylesheet>
<meta name="viewport" content="width=device-width, user-scalable=no">
<script src="/resources/js/react.development.js"></script>
<script src="/resources/js/react-dom.development.js"></script>
<script type="text/javascript" src="/resources/js/angular_1-7-7.js"></script>
<title>Fruit Overlays - Product - Gin &amp; Juice Shop</title>
</head>
<body ng-app>
<div id="scanMeHeader">
<section class="header-description">
<p>
This is a deliberately vulnerable web application designed for testing web&nbsp;vulnerability&nbsp;scanners.
<span class="link" onmouseenter="window.__x1 = 1" onmouseover="window.__x2 = 1" onmousemove="window.__x3 = 1" onmousedown="window.__x4 = 1" onmouseup="if (window.__x1 && window.__x2 && window.__x3 && window.__x4) location = atob('L3Z1bG5lcmFiaWxpdGllcw==')" onmouseleave="delete window.__x1; delete window.__x2; delete window.__x3; delete window.__x4">Put your scanner to the test!</span>
</p>
</section>
<section class='scanMeBanner'>
<div class=container>
<a href='/'>
<div class=scanme-logo></div>
</a>
<div class=title-container>
<nav>
<ul class="navigation-header-links primary-links">
<li>
<a class="button selected" href="/catalog">Products</a>
</li>
<li>
<a class="button" href="/blog">Blog</a>
</li>
<li>
<a class="button" href="/about">Our story</a>
</li>
</ul>
<ul class="navigation-header-links secondary-links">
<li>
<a class="account-icon" href="/my-account"><svg><use href="/resources/images/icon-account.svg#account-icon"></use></svg></a>
<ul>
<li>
<a class="button" href="/my-account">Log in</a>
</li>
<li>
<a class="button" href="/my-account">My account</a>
</li>
</ul>
</li>
<li>
<a class="cart-icon" href="/catalog/cart"><span>0</span><svg><use href="/resources/images/icon-cart.svg#cart-icon"></use></svg></a>
</li>
<li class="nav-toggle"><a class="nav-trigger"><span></span><span></span><span></span></a></li>
</ul>
</nav>
</div>
</div>
</section>
</div>
<div theme="ecommerce-product">
<section class="maincontainer">
<div class="container is-page">
<header class="notification-header">
</header>
<ul class="breadcrumbs">
<li><a href="/">Home</a></li>
<li><a href="/catalog">Products</a></li>
<li>Fruit Overlays</li>
</ul>
<section class="product">
<div>
<img class="product-image" src="/image/scanme/productcatalog/products/10.png">
</div>
<div>
<h3>Fruit Overlays</h3>
<img class="product-image" src="/image/scanme/productcatalog/products/10.png">
<span class="price-rating">
<span class="price">
$92.79
</span>
<img src="/resources/images/rating3.png">
</span>
<span class="description">
<label>Description:</label>
<p>When it comes to hospitality presentation is key, and nothing looks better than a well-dressed drink. We know gin fans like plenty of fruit in their glasses, some a bit more than they really need, but hey ho, each to their own. But what about fruit not inside your glass, but classily arranged over your glass? In comes Fruitus overlayus, the best way to jazz up any party. The possible colour combinations are endless, just picture that! All you need is a nice selection of small fruits, or maybe even use our Fruit Curliwurlier to add a dash of even more drama, and we will do the rest. This one is a real winner at our Christmas and New years outings, give it a go and turn some heads.</p>
<p>CONTENTS: 12 cocktail sticks.</p>
<p>HOW TO USE: Let your creative juices flow (Pun intended), and spend some time working on your colour coordination, try not to think too much about it, just do it! Pick up one of the Fruitus overlayus sticks and carefully slide the fruit along until there is a small space on either end of the stick. Balance the stick across the rim of the glass. Ta-Da! Your first fruit overlay. Keep going until you have as many overlays as you need. You can always purchase more at any time with a discount on bulk buys.</p>
</span>
<span class="stock-check">
<form id="stockCheckForm" action="/catalog/product/stock" method="POST">
<input required type="hidden" name="productId" value="3">
<select name="storeId">
<option value="1" >London</option>
<option value="2" >Paris</option>
<option value="3" >Milan</option>
</select>
<button type="submit" class="button">Check stock</button>
</form>
<span id="stockCheckResult"></span>
<script src="/resources/js/xmlStockCheckPayload.js"></script>
<script src="/resources/js/stockCheck.js"></script>
</span>
<span class="cart-button">
<form id=addToCartForm action=/catalog/cart method=POST>
<input required type=hidden name=productId value=3>
<input required type=hidden name=redir value=PRODUCT>
<select class='product-quantity' required name=quantity>
<option value="1" selected>1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
</select>
<button type=submit class=button>Add to cart</button>
</form>
</span>
<span class="view-cart-button">
<a class="button" href="/catalog/cart">View cart</a>
</span>
</div>
</section>
</div>
</section>
<div class="footer-wrapper">
<section class="footer">
<div class="footer-left"></div>
<div class="footer-center">
<h2>Never miss a deal - subscribe now</h2>
<p>Join our worldwide community of gin and juice fanatics, for exclusive news on our latest deals, new releases, collaborations, and more.</p>
<script src='/resources/js/subscribeNow.js'></script>
<div id="subscribe" class="form" data-method="post" data-action="/catalog/subscribe">
<input required type=email name=email placeholder="Email address">
<input required type="hidden" name="csrf" value="ALUrIPu21ygHSGadxsA8u70XnVcY4V4k">
<button class="button" type=submit>Subscribe</button>
</div>
<dialog id="coupon-dialog">
<div class="coupon-wrapper">
<button class="close-button" onclick="closeCouponDialog(event)"></button>
<div class="coupon-info">
<h1>20% off everything</h1>
<div class="coupon-input">
<h3 id="copyable-coupon">Coupon not found</h3>
<button id="copy-coupon-button" class="copy-button" onclick="copyCoupon(event)"></button>
<div id="coupon-copied-tick" class="coupon-copied-tick hidden"></div>
</div>
<p>Apply this coupon to your Shopping Cart before placing your order.</p>
</div>
</div>
</dialog>
<div class="footer-copyright">
<div class="portswigger-logo"></div>
<div>© 2023 PortSwigger Ltd.</div>
</div>
</div>
<div class="footer-right"></div>
</section>
<section class="footer-lower">
<div class="footerNavigation">
<div class="socialLinks">
</div>
<nav>
<ul class="navigation-header-links primary-links">
<li>
<a class="button selected" href="/catalog">Products</a>
</li>
<li>
<a class="button" href="/blog">Blog</a>
</li>
<li>
<a class="button" href="/about">Our story</a>
</li>
</ul>
</nav>
</div>
</section>
</div>
</div>
<script src='/resources/footer/js/scanme.js'></script>
</body>
</html>
raw: |+
HTTP/1.1 200 OK
Connection: close
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Feb 2024 13:54:13 GMT
Set-Cookie: AWSALB=Rzm8ZSSL/yQq1mG1SdGmWAahqexWvOcjIhlNKm0wBnk4jvY3Hdy3mRc+NKoMRNJ2RW+FNbtRk7DX+itnfzjMvKNpwtLWWAafxeKybc+v351g0MsLycRNQF5fG78y; Expires=Tue, 27 Feb 2024 13:54:13 GMT; Path=/
Set-Cookie: AWSALBCORS=Rzm8ZSSL/yQq1mG1SdGmWAahqexWvOcjIhlNKm0wBnk4jvY3Hdy3mRc+NKoMRNJ2RW+FNbtRk7DX+itnfzjMvKNpwtLWWAafxeKybc+v351g0MsLycRNQF5fG78y; Expires=Tue, 27 Feb 2024 13:54:13 GMT; Path=/; SameSite=None; Secure
Set-Cookie: session=fFcCUjmQguQy820Y8xrnRypp3KBWSPk6; Secure; HttpOnly; SameSite=None
X-Backend: 2235790d-f089-4324-8ac0-f64cc96f2460
X-Frame-Options: SAMEORIGIN
Reference in New Issue View Git Blame Copy Permalink