CoCalc -- flow-request-condition-payloads.yaml

GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/pkg/tmplexec/flow/testcases/flow-request-condition-payloads.yaml
⁴⁵³⁸ views

1
id: flow-request-condition-payloads
2

3
info:
4
  name: Flow with request condition and payloads
5
  author: test
6
  severity: info
7

8
flow: http()
9

10
http:
11
  - raw:
12
      - |
13
        GET /step1 HTTP/1.1
14
        Host: {{Hostname}}
15

16
      - |
17
        POST /login HTTP/1.1
18
        Host: {{Hostname}}
19
        Content-Type: application/x-www-form-urlencoded
20

21
        username={{username}}&password={{password}}
22

23
      - |
24
        GET /admin?token={{auth}} HTTP/1.1
25
        Host: {{Hostname}}
26

27
    attack: pitchfork
28
    payloads:
29
      username:
30
        - admin
31
      password:
32
        - secret123
33

34
    matchers-condition: and
35
    matchers:
36
      - type: word
37
        part: body_2
38
        words:
39
          - "login-ok"
40

41
      - type: word
42
        part: body_3
43
        words:
44
          - "admin-ok"
45

46
    extractors:
47
      - type: regex
48
        name: auth
49
        internal: true
50
        part: header_2
51
        group: 1
52
        regex:
53
          - 'X-Auth-Token: ([a-z0-9]+)'
54

55

Product

Resources

Company