🔒 Closed How to generate http injector payload based on host's response header

Status
Not open for further replies.
The idea is that you'll see the host's response header. If you want to test it through a proxy, hmm, put a proxy in your settings. Internet Options.

I'm a bit confused... let me give a sample.

I checked "voice.google.com" in the server header checker.

I got four responses.

SERVER RESPONSE: HTTP/1.1 301 Moved Permanently
SERVER RESPONSE: HTTP/1.1 302 Found
SERVER RESPONSE: HTTP/1.1 302 Found

SERVER RESPONSE: HTTP/1.1 200 OK ===> this is the last response, the one that became status 200
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 16 Feb 2017 12:37:31 GMT
P3P: CP="This is not a P3P policy! See You do not have permission to view the full content of this post. Log in or register now. for more info."
Content-Length: 16729
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: NID=97=rg9fWjD-7JSP6JHqPi0YpCHA-eU-HOdIrSu48OWLNXXEq69E36sVeN7ck7ZKczQdvTKtuLMcORe6aWAJI48bpYSm_upFJ1jwkyn0tACvnkD_wwVAd_owkoKK1weFVzCi;Domain=.google.com;Path=/;Expires=Fri, 18-Aug-2017 12:37:31 GMT;HttpOnly
Alt-Svc: quic=":443"; ma=2592000; v="35,34"

=== So that means, bro, this is OK to use for a payload??
 
Yes, that's fine. Actually, these are the URLs of its redirections. Hehe, but it's no problem. Only http:// and /about were missing.
Domain URL: You do not have permission to view the full content of this post. Log in or register now.

Domain Length: 6

Status Code: 301 Moved Permanently

Redirect Location: You do not have permission to view the full content of this post. Log in or register now. (200 OK)

Number of Redirect: 3

Redirect Type: You do not have permission to view the full content of this post. Log in or register now. (301 Moved Permanently) ; You do not have permission to view the full content of this post. Log in or register now. (302 Found) ; You do not have permission to view the full content of this post. Log in or register now. (302 Found) ; You do not have permission to view the full content of this post. Log in or register now. (200 OK)

So, for everyone, that's what can happen with redirections. Hehe, only the URL changes.
 
Thanks for this, bro.

Thank you, sir.

Thanks for this, master.

Sugoi senpai :D Helpful thread .. Please keep it up (y)

thanks for sharing ts very useful and informative

Nice info, sir.. good thing you're there sharing knowledge. Thank you very much, keep on sharing..
You're welcome!
I just want to ask. How would you know that the host you're using is the right one?
Your host should return a status 200 code for (OK) or (Connection established) for a successful tunneling. A status other than 200 is also fine, but you need a more complex setup to have a successful connection. It's actually your personal choice, an easy way or a complex way. :D For me, I choose the easy way. I only use hosts that return status 200 at first response.
 