mirror of
https://github.com/daffainfo/AllAboutBugBounty.git
synced 2024-12-24 13:25:26 +00:00
30 lines
656 B
Markdown
30 lines
656 B
Markdown
|
# 304 Not Modified Bypass
|
||
|
|
||
|
1. Delete "If-None-Match" header
|
||
|
```
|
||
|
GET /admin HTTP/1.1
|
||
|
Host: target.com
|
||
|
If-None-Match: W/"32-IuK7rSIJ92ka0c92kld"
|
||
|
```
|
||
|
Try this to bypass
|
||
|
```
|
||
|
GET /admin HTTP/1.1
|
||
|
Host: target.com
|
||
|
```
|
||
|
|
||
|
2. Adding random character in the end of "If-None-Match" header
|
||
|
```
|
||
|
GET /admin HTTP/1.1
|
||
|
Host: target.com
|
||
|
If-None-Match: W/"32-IuK7rSIJ92ka0c92kld"
|
||
|
```
|
||
|
Try this to bypass
|
||
|
```
|
||
|
GET /admin HTTP/1.1
|
||
|
Host: target.com
|
||
|
Host: target.com
|
||
|
If-None-Match: W/"32-IuK7rSIJ92ka0c92kld" b
|
||
|
```
|
||
|
|
||
|
Source: [https://anggigunawan17.medium.com/tips-bypass-etag-if-none-match-e1f0e650a521](https://anggigunawan17.medium.com/tips-bypass-etag-if-none-match-e1f0e650a521)
|