From 193885e3b0dd46a6d05fcfdcb1fc1c001e4a488f Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Sat, 15 Apr 2023 16:51:02 +0530 Subject: [PATCH 1/3] Added Switching Protocol Detection --- technologies/protocol-switch.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 technologies/protocol-switch.yaml diff --git a/technologies/protocol-switch.yaml b/technologies/protocol-switch.yaml new file mode 100644 index 0000000000..936cbd1d84 --- /dev/null +++ b/technologies/protocol-switch.yaml @@ -0,0 +1,26 @@ +id: protocol-switch + +info: + name: Switching Protocol Detection + author: pdteam + severity: info + metadata: + shodan-query: '"connection: upgrade"' + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: dsl + dsl: + - 'status_code == 101' + - 'contains(to_lower(header), "switching protocols")' + - 'contains(to_lower(header), "connection: upgrade")' + - 'contains(to_lower(header), "upgrade:")' + + extractors: + - type: dsl + dsl: + - upgrade From 6e1eb4554ac063d4b1faa891178dab960e28a1eb Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sun, 16 Apr 2023 00:30:15 +0530 Subject: [PATCH 2/3] minor update --- technologies/{protocol-switch.yaml => switch-protocol.yaml} | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) rename technologies/{protocol-switch.yaml => switch-protocol.yaml} (85%) diff --git a/technologies/protocol-switch.yaml b/technologies/switch-protocol.yaml similarity index 85% rename from technologies/protocol-switch.yaml rename to technologies/switch-protocol.yaml index 936cbd1d84..e2dd32f27e 100644 --- a/technologies/protocol-switch.yaml +++ b/technologies/switch-protocol.yaml @@ -1,11 +1,13 @@ -id: protocol-switch +id: switch-protocol info: name: Switching Protocol Detection author: pdteam severity: info metadata: + verified: "true" shodan-query: '"connection: upgrade"' + tags: protocol,switching,tech,websocket,h2c requests: - method: GET