mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-18 04:45:27 +00:00
c377221a78
* Add headersPartType for fuzzing * fix nil pointer dereference for headless mode * minor changes+ add integration test * update template in fuzz-header-multiple --------- Co-authored-by: 0x123456789 <0x123456789> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
41 lines
1006 B
YAML
41 lines
1006 B
YAML
id: fuzz-header-multiple
|
|
|
|
info:
|
|
name: fuzz header multiple
|
|
author: pdteam
|
|
severity: info
|
|
description: |
|
|
In this template we fuzz multiple headers with single payload
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
GET /?x=aaa&y=bbb HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Origin: https://example.com
|
|
X-Forwared-For: 1337
|
|
Cookie: z=aaa; bb=aaa
|
|
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
|
|
Accept-Language: en-US,en;q=0.9
|
|
Connection: close
|
|
|
|
payloads:
|
|
reflection:
|
|
- "secret.local"
|
|
|
|
fuzzing:
|
|
- part: headers
|
|
type: replace
|
|
mode: multiple
|
|
keys: ["Origin", "X-Forwared-For"]
|
|
fuzz:
|
|
- "{{reflection}}"
|
|
|
|
stop-at-first-match: true
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "admin" |