From be297d732b4b7f8efdade64ec7a75fe671159636 Mon Sep 17 00:00:00 2001 From: sandeep Date: Thu, 30 Sep 2021 03:26:16 +0530 Subject: [PATCH] misc update --- .../generic/oob-header-based-interaction.yaml | 15 +++++++++++---- .../generic/request-based-interaction.yaml | 7 +++++++ 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/vulnerabilities/generic/oob-header-based-interaction.yaml b/vulnerabilities/generic/oob-header-based-interaction.yaml index 399af47472..b4404a4f0c 100644 --- a/vulnerabilities/generic/oob-header-based-interaction.yaml +++ b/vulnerabilities/generic/oob-header-based-interaction.yaml @@ -26,15 +26,22 @@ requests: X-Wap-Profile: http://{{interactsh-url}}/wap.xml X-Forwarded-For: spoofed.{{interactsh-url}} Contact: root@{{interactsh-url}} - X-Forwarded-Host: 'spoofed.{{interactsh-url}}' - X-Host: 'spoofed.{{interactsh-url}}' - X-Forwarded-Server: 'spoofed.{{interactsh-url}}' - X-HTTP-Host-Override: 'spoofed.{{interactsh-url}}' + X-Forwarded-Host: spoofed.{{interactsh-url}} + X-Host: spoofed.{{interactsh-url}} + X-Forwarded-Server: spoofed.{{interactsh-url}} + X-HTTP-Host-Override: spoofed.{{interactsh-url}} Cache-Control: no-transform + matchers-condition: or matchers: - type: word part: interactsh_protocol name: http words: - "http" + + - type: word + part: interactsh_protocol + name: dns + words: + - "dns" diff --git a/vulnerabilities/generic/request-based-interaction.yaml b/vulnerabilities/generic/request-based-interaction.yaml index e968c99cd6..9e7fe9e40a 100644 --- a/vulnerabilities/generic/request-based-interaction.yaml +++ b/vulnerabilities/generic/request-based-interaction.yaml @@ -41,9 +41,16 @@ requests: Accept: */* unsafe: true # Use Unsafe HTTP library for malformed HTTP requests. + matchers-condition: or matchers: - type: word part: interactsh_protocol name: http words: - "http" + + - type: word + part: interactsh_protocol + name: http + words: + - "http"