miscellaneousfools
Let's learn together, so let's start.
Here's a blog that tackles how the server handles requests from the client side.
It has the basic details that we need; it will give us an idea of how our payload is handled by our apps or terminals to query the server host.
So here is the blog post:
Payload Keyword
When you use the keywords below, the application automatically replaces them with the relevant data when injecting; you should not change the words in square brackets unless you know what you are doing.
Keywords supported: [host] [port] [host_port] [protocol] [netData] [cr] [lf] [crlf] [lfcr]
Assume that 188.100.100.123 is your SSH server IP and 22 is your SSH port.
Keyword | Auto-replaced with | Meaning
[host] | 188.100.100.123 | Destination host
[port] | 22 | Destination port
[host_port] | 188.100.100.123:22 | Destination host and port, separated by a colon
[ssh] | 188.100.100.123:22 | The SSH server IP and the port you set in the settings
[protocol] | HTTP/1.0 or HTTP/1.1 | HTTP protocol version
[netData] | CONNECT [host_port] [protocol] | Short form of three keywords
[cr] | \r | Carriage Return, U+000D
[lf] | \n | Line Feed, U+000A
[crlf] | \r\n | CR (U+000D) followed by LF (U+000A)
[lfcr] | \n\r | LF (U+000A) followed by CR (U+000D)
[crlf][crlf] | \r\n\r\n | To show the end of the HTTP header
Injecting Method
Note: In this example we use the "CONNECT" and "HEAD" request methods and domain.com as the host you want to emulate. You might need to use GET / POST / DELETE / CONNECT / HEAD ...
Make sure your remote HTTP proxy allows the method; otherwise you will get 403 errors.
Tip: Use "Payload Generator" in the HTTP Injector application rather than writing payloads manually. Usually we only need to use the request method "CONNECT".
Method | Payload
Normal | CONNECT [host_port] [protocol] [crlf] Host: domain.com [crlf] [crlf]
Inject ahead | GET (link hidden by forum) HTTP/1.1 [crlf] Host: domain.com [crlf] [crlf] CONNECT [host_port] [protocol] [crlf] [crlf]
Re-inject | CONNECT [host_port] HTTP/1.1 [crlf] [crlf] GET (link hidden by forum) [protocol] [crlf] Host: domain.com [crlf] [crlf]
Front request | CONNECT domain.com @ [host_port] [crlf] GET (link hidden by forum) [protocol] [crlf] Host: domain.com [crlf] [crlf]
Return request | CONNECT [host_port] @ domain.com [crlf] GET (link hidden by forum) [protocol] [crlf] Host: domain.com [crlf] [crlf]
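A proxy-side check for the request shapes listed in the post, as an added example that is not part of the original post or of the HTTP Injector application: it inspects the bytes a client sends before a tunnel is opened and reports what deviates from a single well-formed CONNECT. The function name, the finding labels, the `/` request target and the sample buffers are constructed for this illustration.

```python
import re

METHODS = rb"(?:CONNECT|GET|HEAD|POST|PUT|DELETE|OPTIONS)"
REQ_LINE = re.compile(rb"^(" + METHODS + rb") (\S+)(?: (HTTP/1\.[01]))?\s*$")

def inspect_preamble(raw: bytes) -> list[str]:
    """Flag anomalies in the bytes a client sends before a tunnel is opened."""
    findings = set()
    # A CR or LF outside a CRLF pair (what [cr], [lf] and [lfcr] produce).
    if re.search(rb"\r(?!\n)|(?<!\r)\n", raw):
        findings.add("non-crlf-line-ending")
    lines = [ln for ln in re.split(rb"[\r\n]+", raw) if ln]
    requests = [m for m in map(REQ_LINE.match, lines) if m]
    # Two request lines in one buffer: the "inject ahead" / "re-inject" shapes.
    if len(requests) > 1:
        findings.add("multiple-request-lines")
    hosts = [ln.split(b":", 1)[1].strip().lower()
             for ln in lines if ln.lower().startswith(b"host:")]
    for m in requests:
        method, target, version = m.groups()
        if version is None:
            findings.add("request-line-without-version")
        if method == b"CONNECT":
            if b"@" in target:  # the "front request" / "return request" shapes
                findings.add("connect-target-has-at-sign")
            authority_host = target.rsplit(b":", 1)[0].lower()
            if any(h.split(b":")[0] != authority_host for h in hosts):
                findings.add("host-header-differs-from-connect-target")
    return sorted(findings)

# Constructed samples using the post's example values; "/" is an assumed target.
SSH = b"188.100.100.123:22"
SAMPLES = {
    "benign": b"CONNECT domain.com:443 HTTP/1.1\r\nHost: domain.com:443\r\n\r\n",
    "normal": b"CONNECT " + SSH + b" HTTP/1.1\r\nHost: domain.com\r\n\r\n",
    "inject_ahead": b"GET / HTTP/1.1\r\nHost: domain.com\r\n\r\n"
                    b"CONNECT " + SSH + b" HTTP/1.1\r\n\r\n",
    "front_request": b"CONNECT domain.com@" + SSH + b"\r\n"
                     b"GET / HTTP/1.1\r\nHost: domain.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} {inspect_preamble(raw)}")
```

The "normal" shape differs from an ordinary CONNECT only in its Host header, so the host comparison is the single check that catches it; a proxy that also restricts CONNECT to an allow-list of ports would reject port 22 regardless.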