By kannthu
The "Header Based Generic OOB Interaction" module is designed to detect misconfigurations or vulnerabilities related to header-based out-of-band (OOB) interactions. It targets a specific software and provides informative insights into potential security issues. This module has an informative severity level and was authored by pdteam.
This module detects whether the remote server fetched a spoofed URL that was supplied in the request headers. Such behavior can lead to security vulnerabilities or misconfigurations that attackers may exploit.
The "Header Based Generic OOB Interaction" module works by sending HTTP requests with specific headers and then matching the responses against predefined conditions. It uses two matching conditions: "http" and "dns". The module checks if the response contains the word "http" or "dns" in the "interactsh_protocol" part of the response. If either condition is met, the module considers it a match.
Here is an example of an HTTP request sent by the module:
GET /
Headers:
- From: root@{%InteractionURL%}
- X-Host: spoofed.{%InteractionURL%}
- Contact: root@{%InteractionURL%}
- Profile: http://{%InteractionURL%}/profile.xml
- Referer: http://{%InteractionURL%}/ref
- Client-Ip: spoofed.{%InteractionURL%}
- Forwarded: for=spoofed.{%InteractionURL%};by=spoofed.{%InteractionURL%};host=spoofed.{%InteractionURL%}
- X-Real-Ip: spoofed.{%InteractionURL%}
- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@{%InteractionURL%}
- X-Client-Ip: spoofed.{%InteractionURL%}
- Cache-Control: no-transform
- X-Wap-Profile: http://{%InteractionURL%}/wap.xml
- True-Client-Ip: spoofed.{%InteractionURL%}
- X-Forwarded-For: spoofed.{%InteractionURL%}
- Cf-Connecting_ip: spoofed.{%InteractionURL%}
- X-Forwarded-Host: spoofed.{%InteractionURL%}
- X-Originating-Ip: spoofed.{%InteractionURL%}
- X-Forwarded-Server: spoofed.{%InteractionURL%}
- X-HTTP-Host-Override: spoofed.{%InteractionURL%}
The module considers a match if either the "http" or "dns" condition is met. It helps identify potential misconfigurations or vulnerabilities related to header-based OOB interactions.
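A server-side check for the behavior this module probes, as an added example that is not part of the module or of this page: it drops forwarding headers from peers that are not trusted proxies and rejects non-IP values in IP-bearing headers, so no header value is ever resolved or fetched. The trusted proxy range, the policy of always dropping `Profile` and `X-Wap-Profile`, and the `oob.example.test` domain are assumptions.

```python
import ipaddress

# Headers from the probe request above that should only ever carry IP literals.
IP_HEADERS = {"client-ip", "x-real-ip", "x-client-ip", "true-client-ip",
              "x-forwarded-for", "cf-connecting_ip", "x-originating-ip"}
# Headers from the probe that override the host seen by the application.
HOST_HEADERS = {"x-host", "x-forwarded-host", "x-forwarded-server",
                "x-http-host-override", "forwarded"}
# Headers that invite the server to fetch a URL (assumed policy: always drop).
URL_HEADERS = {"profile", "x-wap-profile"}

def is_ip_literal(value):
    """True only for a bare IPv4/IPv6 address, so no DNS lookup can follow."""
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False

def sanitize_headers(headers, peer_ip, trusted_proxies):
    """Return (clean_headers, findings) for one request.

    Referer, From, Contact and User-Agent pass through unchanged; the
    application must treat them as opaque text and never resolve them.
    """
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in ipaddress.ip_network(net) for net in trusted_proxies)
    clean, findings = {}, []
    for name, value in headers.items():
        key = name.lower()
        if key in URL_HEADERS:
            findings.append((name, "url-bearing header dropped"))
        elif key in IP_HEADERS | HOST_HEADERS and not trusted:
            findings.append((name, "forwarding header from untrusted peer"))
        elif key in IP_HEADERS and not all(map(is_ip_literal, value.split(","))):
            findings.append((name, "non-IP value in IP header"))
        else:
            clean[name] = value
    return clean, findings

# Constructed sample: a subset of the probe's headers with a placeholder domain.
SAMPLE = {
    "X-Forwarded-For": "spoofed.oob.example.test",
    "X-Forwarded-Host": "spoofed.oob.example.test",
    "Profile": "http://oob.example.test/profile.xml",
    "Referer": "http://oob.example.test/ref",
    "Cache-Control": "no-transform",
}
```

The `findings` list doubles as a detection signal: several forwarding headers rejected on a single request matches the shape of the probe shown above.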
For more information, you can refer to the Collaborator Everywhere GitHub repository.
Metadata: max-request: 1