Close #96 - Add HTTP Request/Response headers

Source: https://github.com/craSH/SecLists/commits/http-headers

Miscellaneous/http-request-headers/http-request-headers-common-non-standard_examples.txt

@@ -0,0 +1,21 @@
+DNT: 1
+Front-End-Https: on
+Proxy-Connection: keep-alive
+X-Att-Deviceid: GT-P7320/P7320XXLPG
+X-CSRFToken: DECAFC0FFEEBAD
+X-Correlation-ID: f058ebd6-02f7-4d3f-942e-904344e8cde5
+X-Csrf-Token: DECAFC0FFEEBAD
+X-XSRF-TOKEN: DECAFC0FFEEBAD
+X-Do-Not-Track: 1
+X-Forwarded-For: 127.0.0.1
+X-Forwarded-For: client1, proxy1, proxy2
+X-Forwarded-Host: localhost
+X-Forwarded-Host: localhost:8080
+X-Forwarded-Proto: https
+X-HTTP-Method-Override: PUT
+X-ProxyUser-Ip: 127.0.0.1
+X-Request-ID: f058ebd6-02f7-4d3f-942e-904344e8cde5
+X-Requested-With: XMLHttpRequest
+X-UIDH: 31337DEADBEEFCAFE
+X-Wap-Profile: http://wap.samsungmobile.com/uaprof/SGH-I777.xml
+X-XSRF-TOKEN: DECAFC0FFEEBAD

Miscellaneous/http-request-headers/http-request-headers-common-non-standard_fields.txt

@@ -0,0 +1,19 @@
+DNT
+Front-End-Https
+Proxy-Connection
+X-ATT-DeviceId
+X-CSRFToken
+X-Correlation-ID
+X-Csrf-Token
+X-XSRF-TOKEN
+X-Do-Not-Track
+X-Forwarded-For
+X-Forwarded-Host
+X-Forwarded-Proto
+X-Http-Method-Override
+X-ProxyUser-Ip
+X-Request-ID
+X-Requested-With
+X-UIDH
+X-Wap-Profile
+X-XSRF-TOKEN

Miscellaneous/http-request-headers/http-request-headers-common-standard_examples.txt

@@ -0,0 +1,45 @@
+Accept-Charset: utf-8
+Accept-Datetime: Thu, 31 May 2007 20:35:00 GMT
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US
+Accept: text/plain
+Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+Cache-Control: no-cache
+Connection: Upgrade
+Connection: keep-alive
+Content-Length: 348
+Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ==
+Content-Type: application/x-www-form-urlencoded
+Cookie: $Version=1; Skin=new;
+Date: Tue, 15 Nov 1994 08:12:31 GMT
+Expect: 100-continue
+Forwarded: for=192.0.2.43, for=198.51.100.17
+Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43
+From: user@example.com
+Host: localhost
+Host: localhost:8080
+If-Match: "737060cd8c284d8af7ad3082f209582d"
+If-Match: W/"weakmatch"
+If-Match: "im", "not", "dead", "yet"
+If-Match: *
+If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
+If-None-Match: "737060cd8c284d8af7ad3082f209582d"
+If-None-Match: W/"weakmatch"
+If-None-Match: *
+If-Range: "737060cd8c284d8af7ad3082f209582d"
+If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT
+Max-Forwards: 10
+Origin: http://localhost
+Pragma: no-cache
+Proxy-Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+Range: bytes=500-999
+Referer: http://localhost/
+TE: trailers, deflate
+Upgrade: HTTP/2.0
+Upgrade: HTTPS/1.3
+Upgrade: IRC/6.9
+Upgrade: RTA/x11
+Upgrade: websocket
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/21.0
+Via: 1.0 fred, 1.1 example.com (Apache/1.1)
+Warning: 199 Miscellaneous warning

Miscellaneous/http-request-headers/http-request-headers-common-standard_fields.txt

@@ -0,0 +1,33 @@
+Accept
+Accept-Charset
+Accept-Datetime
+Accept-Encoding
+Accept-Language
+Authorization
+Cache-Control
+Connection
+Content-Length
+Content-MD5
+Content-Type
+Cookie
+Date
+Expect
+Forwarded
+From
+Host
+If-Match
+If-Modified-Since
+If-None-Match
+If-Range
+If-Unmodified-Since
+Max-Forwards
+Origin
+Pragma
+Proxy-Authorization
+Range
+Referer
+TE
+Upgrade
+User-Agent
+Via
+Warning

README.md

@@ -42,7 +42,8 @@ Significant effort is made to give attribution for these lists whenever possible
 - 0xsobky's Ultimate XSS Polyglot!
 - @otih for bruteforce collected username and password lists
 - @govolution for betterdefaultpasslist (https://github.com/govolution/betterdefaultpasslist)
-- Max Woolf (@minimaxir) for big-list-of-naughty-strings (https://github.com/minimaxir/big-list-of-naughty-strings) [/Fuzzing/big-list-of-naughty-strings.txt]
+- Max Woolf (@minimaxir) for big-list-of-naughty-strings (https://github.com/minimaxir/big-list-of-naughty-strings) [`/Fuzzing/big-list-of-naughty-strings.txt`]
+- Ian Gallagher (@craSH) for http-request-headers [`/Miscellaneous/http-request-headers/`]
 
 This project stays great because of care and love from the community, and we will never forget that.