-
Notifications
You must be signed in to change notification settings - Fork 18
/
hmo.yaml
42 lines (34 loc) · 855 Bytes
/
hmo.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
id: HTTP-Override-Attack
info:
name: Meta-overide
author: MR.iambatman
severity: high
description: HMO
requests:
- raw:
- |
GET /?exits=1234 HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
§hmo§: §header§
Connection: close
- |
GET /?exits=1234 HTTP/1.1
Host: {{Hostname}}
payloads:
header: helpers/payloads/request.txt
hmo: helpers/payloads/header_hmo.txt
attack: clusterbomb
redirects: true
matchers-condition: and
matchers:
- type: status
status:
- 404
- type: word
words:
- "POST"
- "GET"
- "DELETE"
- "not found"
- "Resource has been successfully removed with the DELETE method"