2020-05-22 15:12:25 +00:00

id: dummy-raw

info:
  name: Example-Fuzzing

requests:
  - payloads:
      param_a: /home/user/wordlist_param_a.txt
      param_b: /home/user/wordlist_param_b.txt
    attack: clusterbomb # Available options: sniper, pitchfork and clusterbomb
    raw:
      # Request with simple param and header manipulation with DSL functions
      - |
        POST /?param_a={{param_a}}&paramb={{param_b}} HTTP/1.1
        User-Agent: {{param_a}}
        Host: {{Hostname}}
        another_header: {{base64(param_b)}}
        Accept: */*

        This is the Body
      # Request with body manipulation
      - |
        DELETE / HTTP/1.1
        User-Agent: nuclei
        Host: {{Hostname}}

        This is the body {{sha256(param_a)}}
      # Yet another one
      - |
        PUT / HTTP/1.1
        Host: {{Hostname}}

        This is again the request body {{html_escape(param_a)}} + {{hex_encode(param_b)}}
    matchers:
      - type: word
        words:
          - "title"
          - "body"