🔀Match and Replace

Match and Replace allows you to modify HTTP requests before they are sent during active scanning. This is useful for changing request methods, modifying headers, or transforming request content.

📡 HTTP Method Change

The changeHttpRequest and changeHttpRequestType fields control HTTP method transformation:

{
  "changeHttpRequest": true,
  "changeHttpRequestType": 1
}

changeHttpRequestType

Behavior

🔄 POST → GET — Convert POST requests to GET

🔄 GET → POST — Convert GET requests to POST

🔁 Toggle — Switch between GET and POST

🎯 Use Cases

🔓 Testing for method-based access control bypasses — Some endpoints enforce different authorization on GET vs POST
🔍 Testing parameter handling — Check if parameters are processed the same way in different methods
🛡️ Bypassing WAF rules — Some WAF rules only apply to specific HTTP methods

📋 Header Match and Replace

The Header field defines find/replace rules applied to request headers before sending:

{
  "Header": [
    {
      "type": "Request",
      "match": "Content-Type: application/x-www-form-urlencoded",
      "replace": "Content-Type: application/json",
      "regex": "String"
    }
  ]
}

⚙️ Header Object Fields

Field

Description

Values

type

📍 Where to apply the replacement

Request (request headers), Payload (payload content)

match

🔍 The pattern to find

String or regex pattern

replace

🔄 The replacement value

Replacement string

regex

⚙️ Matching mode

String (literal match), or regex pattern

📚 Examples

📄 Change Content-Type:

{
  "type": "Request",
  "match": "Content-Type: application/x-www-form-urlencoded",
  "replace": "Content-Type: application/json",
  "regex": "String"
}

➕ Add a custom header:

{
  "type": "Request",
  "match": "\r\n\r\n",
  "replace": "\r\nX-Custom-Header: value\r\n\r\n",
  "regex": "String"
}

🗑️ Remove a header:

{
  "type": "Request",
  "match": "X-Unwanted-Header: .*\r\n",
  "replace": "",
  "regex": "Regex"
}

💉 Modify payload content:

{
  "type": "Payload",
  "match": "PLACEHOLDER",
  "replace": "actual_value",
  "regex": "String"
}

🔗 Combining with Other Features

🔄 Method Change + Header Modification

{
  "changeHttpRequest": true,
  "changeHttpRequestType": 1,
  "Header": [
    {
      "type": "Request",
      "match": "Content-Type: application/x-www-form-urlencoded",
      "replace": "Content-Type: text/plain",
      "regex": "String"
    }
  ]
}

This converts POST to GET and changes the Content-Type header.

📋 Header Modification + New Headers

{
  "isHeaderValue": true,
  "NewHeaders": ["Origin"],
  "Header": [
    {
      "type": "Request",
      "match": "Referer: .*",
      "replace": "Referer: https://evil.com",
      "regex": "Regex"
    }
  ]
}

This adds the payload as the Origin header value while also modifying the Referer header.

⚡ Application Order

Match and Replace rules are applied in this order:

🔄 HTTP method change (if changeHttpRequest: true)
📋 Header match/replace rules (from Header array)
💉 Payload injection into insertion points
🔧 Variable replacement
📡 Request is sent

PreviousRaw Request NextPayload Encoding

Last updated 14 hours ago

hashtag📡 HTTP Method Change

hashtag🎯 Use Cases

hashtag📋 Header Match and Replace

hashtag⚙️ Header Object Fields

hashtag📚 Examples

hashtag🔗 Combining with Other Features

hashtag🔄 Method Change + Header Modification

hashtag📋 Header Modification + New Headers

hashtag⚡ Application Order