http/vulnerabilities/generic/request-based-interaction.yaml

id: request-based-interaction

info:
  name: OOB Request Based Interaction
  author: pdteam
  severity: info
  description: The remote server fetched a spoofed DNS Name from the request.
  reference:
    - https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface
  metadata:
    max-request: 5
  tags: oast,ssrf,generic

http:
  - raw:
      - |+
        GET / HTTP/1.1
        Host: {{interactsh-url}}
        Cache-Control: no-transform
        Accept: */*

      - |+
        GET / HTTP/1.1
        Host: @{{interactsh-url}}
        Cache-Control: no-transform
        Accept: */*

      - |+
        GET http://{{interactsh-url}}/ HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: no-transform
        Accept: */*

      - |+
        GET @{{interactsh-url}}/ HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: no-transform
        Accept: */*

      - |+
        GET {{interactsh-url}}:80/ HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: no-transform
        Accept: */*

    unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.

    matchers-condition: or
    matchers:
      - type: word
        part: interactsh_protocol
        name: http
        words:
          - "http"

      - type: word
        part: interactsh_protocol
        name: dns
        words:
          - "dns"
# digest: 4b0a00483046022100ca4916bbf7327c1cd65b48ba5243ff714d5beefa994a0069b2d40ab1b97cdd78022100d1714c05ea0264cda4eaebee4d90f3aa1786ece75107b655fc267c82080f7d20:922c64590222798bb761d5b6d8e72950
Update and rename request-interaction-oob.yaml to request-based-interaction.yaml 2021-09-28 15:22:30 +05:30			`id: request-based-interaction`
Create request-interaction-oob.yaml 2021-09-28 15:18:26 +05:30
			`info:`
			`name: OOB Request Based Interaction`
			`author: pdteam`
			`severity: info`
			`description: The remote server fetched a spoofed DNS Name from the request.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 13:38:41 +03:00			`reference:`
			`- https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface`
Added max request counter of each template 2023-04-28 13:41:21 +05:30			`metadata:`
			`max-request: 5`
templateman update 2023-10-14 16:57:55 +05:30			`tags: oast,ssrf,generic`
Create request-interaction-oob.yaml 2021-09-28 15:18:26 +05:30
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 09:58:59 +05:30			`http:`
Create request-interaction-oob.yaml 2021-09-28 15:18:26 +05:30			`- raw:`
			`- \|+`
			`GET / HTTP/1.1`
			`Host: {{interactsh-url}}`
			`Cache-Control: no-transform`
			`Accept: /`

			`- \|+`
			`GET / HTTP/1.1`
			`Host: @{{interactsh-url}}`
			`Cache-Control: no-transform`
			`Accept: /`

			`- \|+`
			`GET http://{{interactsh-url}}/ HTTP/1.1`
			`Host: {{Hostname}}`
			`Cache-Control: no-transform`
			`Accept: /`

			`- \|+`
			`GET @{{interactsh-url}}/ HTTP/1.1`
			`Host: {{Hostname}}`
			`Cache-Control: no-transform`
			`Accept: /`

			`- \|+`
			`GET {{interactsh-url}}:80/ HTTP/1.1`
			`Host: {{Hostname}}`
			`Cache-Control: no-transform`
			`Accept: /`

			`unsafe: true # Use Unsafe HTTP library for malformed HTTP requests.`
templateman update 2023-10-14 16:57:55 +05:30
misc update 2021-09-30 03:26:16 +05:30			`matchers-condition: or`
Create request-interaction-oob.yaml 2021-09-28 15:18:26 +05:30			`matchers:`
			`- type: word`
			`part: interactsh_protocol`
			`name: http`
			`words:`
			`- "http"`
misc update 2021-09-30 03:26:16 +05:30
			`- type: word`
			`part: interactsh_protocol`
Update request-based-interaction.yaml 2021-09-30 03:31:03 +05:30			`name: dns`
misc update 2021-09-30 03:26:16 +05:30			`words:`
Update request-based-interaction.yaml 2021-09-30 03:31:03 +05:30			`- "dns"`
chore: sign templates 🤖 2024-12-01 13:57:55 +00:00			`# digest: 4b0a00483046022100ca4916bbf7327c1cd65b48ba5243ff714d5beefa994a0069b2d40ab1b97cdd78022100d1714c05ea0264cda4eaebee4d90f3aa1786ece75107b655fc267c82080f7d20:922c64590222798bb761d5b6d8e72950`