49 lines
1.6 KiB
YAML
49 lines
1.6 KiB
YAML
id: oob-header-based-interaction
|
|
|
|
info:
|
|
name: Header Based Generic OOB Interaction
|
|
author: pdteam
|
|
severity: info
|
|
description: The remote server fetched a spoofed URL from the request headers.
|
|
reference:
|
|
- https://github.com/PortSwigger/collaborator-everywhere
|
|
tags: oast,ssrf,generic
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
headers:
|
|
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@{{interactsh-url}}
|
|
Referer: http://{{interactsh-url}}/ref
|
|
Cf-Connecting_ip: spoofed.{{interactsh-url}}
|
|
X-Real-Ip: spoofed.{{interactsh-url}}
|
|
From: root@{{interactsh-url}}
|
|
True-Client-Ip: spoofed.{{interactsh-url}}
|
|
Client-Ip: spoofed.{{interactsh-url}}
|
|
Forwarded: for=spoofed.{{interactsh-url}};by=spoofed.{{interactsh-url}};host=spoofed.{{interactsh-url}}
|
|
X-Client-Ip: spoofed.{{interactsh-url}}
|
|
X-Originating-Ip: spoofed.{{interactsh-url}}
|
|
X-Wap-Profile: http://{{interactsh-url}}/wap.xml
|
|
X-Forwarded-For: spoofed.{{interactsh-url}}
|
|
Contact: root@{{interactsh-url}}
|
|
X-Forwarded-Host: spoofed.{{interactsh-url}}
|
|
X-Host: spoofed.{{interactsh-url}}
|
|
X-Forwarded-Server: spoofed.{{interactsh-url}}
|
|
X-HTTP-Host-Override: spoofed.{{interactsh-url}}
|
|
Cache-Control: no-transform
|
|
|
|
matchers-condition: or
|
|
matchers:
|
|
- type: word
|
|
part: interactsh_protocol
|
|
name: http
|
|
words:
|
|
- "http"
|
|
|
|
- type: word
|
|
part: interactsh_protocol
|
|
name: dns
|
|
words:
|
|
- "dns"
|