nuclei-templates/vulnerabilities/generic/request-based-interaction.yaml

id: request-based-interaction

info:
  name: OOB Request Based Interaction
  author: pdteam
  severity: info
  description: The remote server fetched a spoofed DNS Name from the request.
  reference:
    - https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
  tags: oast,ssrf,generic

requests:
  - raw:
      - |+
        GET / HTTP/1.1
        Host: {{interactsh-url}}
        Cache-Control: no-transform
        Accept: */*

      - |+
        GET / HTTP/1.1
        Host: @{{interactsh-url}}
        Cache-Control: no-transform
        Accept: */*

      - |+
        GET http://{{interactsh-url}}/ HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: no-transform
        Accept: */*

      - |+
        GET @{{interactsh-url}}/ HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: no-transform
        Accept: */*

      - |+
        GET {{interactsh-url}}:80/ HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: no-transform
        Accept: */*

    unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.
    matchers-condition: or
    matchers:
      - type: word
        part: interactsh_protocol
        name: http
        words:
          - "http"

      - type: word
        part: interactsh_protocol
        name: dns
        words:
          - "dns"
Update and rename request-interaction-oob.yaml to request-based-interaction.yaml 2021-09-28 09:52:30 +00:00			`id: request-based-interaction`
Create request-interaction-oob.yaml 2021-09-28 09:48:26 +00:00
			`info:`
			`name: OOB Request Based Interaction`
			`author: pdteam`
			`severity: info`
			`description: The remote server fetched a spoofed DNS Name from the request.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface`
oob tags update 2021-10-18 20:40:26 +00:00			`tags: oast,ssrf,generic`
Create request-interaction-oob.yaml 2021-09-28 09:48:26 +00:00
			`requests:`
			`- raw:`
			`- \|+`
			`GET / HTTP/1.1`
			`Host: {{interactsh-url}}`
			`Cache-Control: no-transform`
			`Accept: /`

			`- \|+`
			`GET / HTTP/1.1`
			`Host: @{{interactsh-url}}`
			`Cache-Control: no-transform`
			`Accept: /`

			`- \|+`
			`GET http://{{interactsh-url}}/ HTTP/1.1`
			`Host: {{Hostname}}`
			`Cache-Control: no-transform`
			`Accept: /`

			`- \|+`
			`GET @{{interactsh-url}}/ HTTP/1.1`
			`Host: {{Hostname}}`
			`Cache-Control: no-transform`
			`Accept: /`

			`- \|+`
			`GET {{interactsh-url}}:80/ HTTP/1.1`
			`Host: {{Hostname}}`
			`Cache-Control: no-transform`
			`Accept: /`

			`unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.`
misc update 2021-09-29 21:56:16 +00:00			`matchers-condition: or`
Create request-interaction-oob.yaml 2021-09-28 09:48:26 +00:00			`matchers:`
			`- type: word`
			`part: interactsh_protocol`
			`name: http`
			`words:`
			`- "http"`
misc update 2021-09-29 21:56:16 +00:00
			`- type: word`
			`part: interactsh_protocol`
Update request-based-interaction.yaml 2021-09-29 22:01:03 +00:00			`name: dns`
misc update 2021-09-29 21:56:16 +00:00			`words:`
Update request-based-interaction.yaml 2021-09-29 22:01:03 +00:00			`- "dns"`