From d17ff06a3096db5f7a044f6ea62800e95cc9ad94 Mon Sep 17 00:00:00 2001
From: g0tmi1k
Date: Wed, 21 Mar 2018 16:34:56 +0000
Subject: [PATCH] Close #96 - Add HTTP Request/Response headers Source: https://github.com/craSH/SecLists/commits/http-headers
---
 ...t-headers-common-non-standard_examples.txt | 21 +++++++++
 ...est-headers-common-non-standard_fields.txt | 19 ++++++++
 ...quest-headers-common-standard_examples.txt | 45 +++++++++++++++++++
 ...request-headers-common-standard_fields.txt | 33 ++++++++++++++
 README.md | 3 +-
 5 files changed, 120 insertions(+), 1 deletion(-)
 create mode 100644 Miscellaneous/http-request-headers/http-request-headers-common-non-standard_examples.txt
 create mode 100644 Miscellaneous/http-request-headers/http-request-headers-common-non-standard_fields.txt
 create mode 100644 Miscellaneous/http-request-headers/http-request-headers-common-standard_examples.txt
 create mode 100644 Miscellaneous/http-request-headers/http-request-headers-common-standard_fields.txt
diff --git a/Miscellaneous/http-request-headers/http-request-headers-common-non-standard_examples.txt b/Miscellaneous/http-request-headers/http-request-headers-common-non-standard_examples.txt
new file mode 100644
index 00000000..2c1fc37b
--- /dev/null
+++ b/Miscellaneous/http-request-headers/http-request-headers-common-non-standard_examples.txt
@@ -0,0 +1,21 @@
+DNT: 1
+Front-End-Https: on
+Proxy-Connection: keep-alive
+X-Att-Deviceid: GT-P7320/P7320XXLPG
+X-CSRFToken: DECAFC0FFEEBAD
+X-Correlation-ID: f058ebd6-02f7-4d3f-942e-904344e8cde5
+X-Csrf-Token: DECAFC0FFEEBAD
+X-XSRF-TOKEN: DECAFC0FFEEBAD
+X-Do-Not-Track: 1
+X-Forwarded-For: 127.0.0.1
+X-Forwarded-For: client1, proxy1, proxy2
+X-Forwarded-Host: localhost
+X-Forwarded-Host: localhost:8080
+X-Forwarded-Proto: https
+X-HTTP-Method-Override: PUT
+X-ProxyUser-Ip: 127.0.0.1
+X-Request-ID: f058ebd6-02f7-4d3f-942e-904344e8cde5
+X-Requested-With: XMLHttpRequest
+X-UIDH: 31337DEADBEEFCAFE
+X-Wap-Profile: http://wap.samsungmobile.com/uaprof/SGH-I777.xml
+X-XSRF-TOKEN: DECAFC0FFEEBAD
diff --git a/Miscellaneous/http-request-headers/http-request-headers-common-non-standard_fields.txt b/Miscellaneous/http-request-headers/http-request-headers-common-non-standard_fields.txt
new file mode 100644
index 00000000..d74de1d4
--- /dev/null
+++ b/Miscellaneous/http-request-headers/http-request-headers-common-non-standard_fields.txt
@@ -0,0 +1,19 @@
+DNT
+Front-End-Https
+Proxy-Connection
+X-ATT-DeviceId
+X-CSRFToken
+X-Correlation-ID
+X-Csrf-Token
+X-XSRF-TOKEN
+X-Do-Not-Track
+X-Forwarded-For
+X-Forwarded-Host
+X-Forwarded-Proto
+X-Http-Method-Override
+X-ProxyUser-Ip
+X-Request-ID
+X-Requested-With
+X-UIDH
+X-Wap-Profile
+X-XSRF-TOKEN
diff --git a/Miscellaneous/http-request-headers/http-request-headers-common-standard_examples.txt b/Miscellaneous/http-request-headers/http-request-headers-common-standard_examples.txt
new file mode 100644
index 00000000..14a7b1d1
--- /dev/null
+++ b/Miscellaneous/http-request-headers/http-request-headers-common-standard_examples.txt
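Review bot: `X-XSRF-TOKEN` is listed twice in http-request-headers-common-non-standard_examples.txt (8th and 21st added lines), and the same duplicate appears in the `_non-standard_fields.txt` hunk that follows (8th and 19th lines), so a tool iterating either list processes that header twice; drop the trailing `+X-XSRF-TOKEN` entry in both files. The two files also disagree on casing: the examples file has `X-Att-Deviceid` and `X-HTTP-Method-Override` where the fields file has `X-ATT-DeviceId` and `X-Http-Method-Override`. Header names are case-insensitive on the wire, but a consumer that joins or de-duplicates the two lists by string comparison will treat these as different entries, so one spelling should be used in both.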
@@ -0,0 +1,45 @@
+Accept-Charset: utf-8
+Accept-Datetime: Thu, 31 May 2007 20:35:00 GMT
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US
+Accept: text/plain
+Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+Cache-Control: no-cache
+Connection: Upgrade
+Connection: keep-alive
+Content-Length: 348
+Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ==
+Content-Type: application/x-www-form-urlencoded
+Cookie: $Version=1; Skin=new;
+Date: Tue, 15 Nov 1994 08:12:31 GMT
+Expect: 100-continue
+Forwarded: for=192.0.2.43, for=198.51.100.17
+Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43
+From: user@example.com
+Host: localhost
+Host: localhost:8080
+If-Match: "737060cd8c284d8af7ad3082f209582d"
+If-Match: W/"weakmatch"
+If-Match: "im", "not", "dead", "yet"
+If-Match: *
+If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
+If-None-Match: "737060cd8c284d8af7ad3082f209582d"
+If-None-Match: W/"weakmatch"
+If-None-Match: *
+If-Range: "737060cd8c284d8af7ad3082f209582d"
+If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT
+Max-Forwards: 10
+Origin: http://localhost
+Pragma: no-cache
+Proxy-Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+Range: bytes=500-999
+Referer: http://localhost/
+TE: trailers, deflate
+Upgrade: HTTP/2.0
+Upgrade: HTTPS/1.3
+Upgrade: IRC/6.9
+Upgrade: RTA/x11
+Upgrade: websocket
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/21.0
+Via: 1.0 fred, 1.1 example.com (Apache/1.1)
+Warning: 199 Miscellaneous warning
diff --git a/Miscellaneous/http-request-headers/http-request-headers-common-standard_fields.txt b/Miscellaneous/http-request-headers/http-request-headers-common-standard_fields.txt
new file mode 100644
index 00000000..8cbd62b1
--- /dev/null
+++ b/Miscellaneous/http-request-headers/http-request-headers-common-standard_fields.txt
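Review bot: The `Upgrade: HTTP/2.0` row in http-request-headers-common-standard_examples.txt is not a token that HTTP/2 implementations negotiate; RFC 7540 defines `h2c` for the cleartext upgrade, so `Upgrade: h2c` would be the representative example. `Content-MD5` was removed from HTTP/1.1 by RFC 7231, which makes it a legacy field rather than a current standard one; the same entry is in the `_standard_fields.txt` hunk that follows. These flat lists have no comment syntax, so a short line in the README entry stating that the example values are documentation placeholders (loopback hosts, the sample Basic credential) would be the place to record that.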
@@ -0,0 +1,33 @@
+Accept
+Accept-Charset
+Accept-Datetime
+Accept-Encoding
+Accept-Language
+Authorization
+Cache-Control
+Connection
+Content-Length
+Content-MD5
+Content-Type
+Cookie
+Date
+Expect
+Forwarded
+From
+Host
+If-Match
+If-Modified-Since
+If-None-Match
+If-Range
+If-Unmodified-Since
+Max-Forwards
+Origin
+Pragma
+Proxy-Authorization
+Range
+Referer
+TE
+Upgrade
+User-Agent
+Via
+Warning
diff --git a/README.md b/README.md
index 6872ece0..96a584f5 100755
--- a/README.md
+++ b/README.md
@@ -42,7 +42,8 @@ Significant effort is made to give attribution for these lists whenever possible
 - 0xsobky's Ultimate XSS Polyglot!
 - @otih for bruteforce collected username and password lists
 - @govolution for betterdefaultpasslist (https://github.com/govolution/betterdefaultpasslist)
-- Max Woolf (@minimaxir) for big-list-of-naughty-strings (https://github.com/minimaxir/big-list-of-naughty-strings) [/Fuzzing/big-list-of-naughty-strings.txt]
+- Max Woolf (@minimaxir) for big-list-of-naughty-strings (https://github.com/minimaxir/big-list-of-naughty-strings) [`/Fuzzing/big-list-of-naughty-strings.txt`]
+- Ian Gallagher (@craSH) for http-request-headers [`/Miscellaneous/http-request-headers/`]
 This project stays great because of care and love from the community, and we will never forget that.