From 1a4f6754b44948ec9f10e76806d6849410c48580 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Tue, 28 Sep 2021 15:15:57 +0530
Subject: [PATCH] Create generic-oob-header-based-interaction.yaml

---
 .../generic-oob-header-based-interaction.yaml | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 vulnerabilities/generic/generic-oob-header-based-interaction.yaml

diff --git a/vulnerabilities/generic/generic-oob-header-based-interaction.yaml b/vulnerabilities/generic/generic-oob-header-based-interaction.yaml
new file mode 100644
index 0000000000..5a6ad517a0
--- /dev/null
+++ b/vulnerabilities/generic/generic-oob-header-based-interaction.yaml
@@ -0,0 +1,40 @@
+id: generic-oob-header-based-interaction
+
+info:
+  name: Header Based Generic OOB Interaction
+  author: pdteam
+  severity: info
+  description: The remote server fetched a spoofed URL from the request headers.
+  reference: https://github.com/PortSwigger/collaborator-everywhere
+  tags: oob,ssrf,generic
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+    headers:
+      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@{{interactsh-url}}
+      Referer: http://{{interactsh-url}}/ref
+      Cf-Connecting_ip: spoofed.{{interactsh-url}}
+      X-Real-Ip: spoofed.{{interactsh-url}}
+      From: root@{{interactsh-url}}
+      True-Client-Ip: spoofed.{{interactsh-url}}
+      Client-Ip: spoofed.{{interactsh-url}}
+      Forwarded: for=spoofed.{{interactsh-url}};by=spoofed.{{interactsh-url}};host=spoofed.{{interactsh-url}}
+      X-Client-Ip: spoofed.{{interactsh-url}}
+      X-Originating-Ip: spoofed.{{interactsh-url}}
+      X-Wap-Profile: http://{{interactsh-url}}/wap.xml
+      X-Forwarded-For: spoofed.{{interactsh-url}}
+      Contact: root@{{interactsh-url}}
+      X-Forwarded-Host: 'spoofed.{{interactsh-url}}'
+      X-Host: 'spoofed.{{interactsh-url}}'
+      X-Forwarded-Server: 'spoofed.{{interactsh-url}}'
+      X-HTTP-Host-Override: 'spoofed.{{interactsh-url}}'
+      Cache-Control: no-transform
+
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        name: http
+        words:
+          - "http"