Match and Replace

Match and Replace allows you to modify HTTP requests before they are sent during active scanning. This is useful for changing request methods, modifying headers, or transforming request content.

HTTP Method Change

The changeHttpRequest and changeHttpRequestType fields control HTTP method transformation:

{
  "changeHttpRequest": true,
  "changeHttpRequestType": 1
}

| changeHttpRequestType | Behavior |
| --- | --- |
| 1 | POST → GET: Convert POST requests to GET |
| 2 | GET → POST: Convert GET requests to POST |
| 3 | Toggle: Switch between GET and POST |

Use Cases

  • Testing for method-based access control bypasses: Some endpoints enforce different authorization on GET vs POST

  • Testing parameter handling: Check if parameters are processed the same way in different methods

  • Bypassing WAF rules: Some WAF rules only apply to specific HTTP methods

Header Match and Replace

The Header field defines find/replace rules applied to request headers before sending:

βš™οΈ Header Object Fields

Field
Description
Values

type

πŸ“ Where to apply the replacement

Request (request headers), Payload (payload content)

match

πŸ” The pattern to find

String or regex pattern

replace

πŸ”„ The replacement value

Replacement string

regex

βš™οΈ Matching mode

String (literal match), or regex pattern

Examples

Change Content-Type:

Add a custom header:

Remove a header:

Modify payload content:

Combining with Other Features

Method Change + Header Modification

This converts POST to GET and changes the Content-Type header.

Header Modification + New Headers

This adds the payload as the Origin header value while also modifying the Referer header.

Application Order

Match and Replace rules are applied in this order:

  1. HTTP method change (if changeHttpRequest: true)

  2. Header match/replace rules (from Header array)

  3. Payload injection into insertion points

  4. Variable replacement

  5. Request is sent
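
A minimal Python model of steps 1 and 2 of this order, added here as an illustration and not the scanner's own code; it helps predict what the outgoing request looks like when writing test expectations. It assumes parameters move between body and query string on method conversion, that any regex value other than String selects regex matching, and that an empty replacement drops the header line; the function names, sample request and rule values are constructed.

```python
import re

FLIP = {1: {"POST": "GET"}, 2: {"GET": "POST"}, 3: {"POST": "GET", "GET": "POST"}}

def change_method(req, mode):
    """Step 1: changeHttpRequestType 1 = POST->GET, 2 = GET->POST, 3 = toggle."""
    target = FLIP[mode].get(req["method"])
    if target is None:
        return req  # e.g. mode 1 leaves a GET request untouched
    out = dict(req, method=target)
    # Assumption: parameters move between body and query string on conversion.
    if target == "GET":
        if req["body"]:
            out["path"] = req["path"] + ("&" if "?" in req["path"] else "?") + req["body"]
        out["body"] = ""
    else:
        out["path"], _, out["body"] = req["path"].partition("?")
    return out

def apply_header_rules(req, rules):
    """Step 2: run each type=Request rule over the raw header lines, in order."""
    lines = list(req["headers"])
    for rule in rules:
        if rule["type"] != "Request":
            continue  # type=Payload rules act on payload content, not modelled here
        if rule["regex"] == "String":  # literal match
            lines = [ln.replace(rule["match"], rule["replace"]) for ln in lines]
        else:  # assumption: any other value selects regex matching
            lines = [re.sub(rule["match"], rule["replace"], ln) for ln in lines]
    # Assumption: a line emptied by a rule is dropped, which removes that header.
    return dict(req, headers=[ln for ln in lines if ln.strip()])

def transform(req, profile):
    """Apply the method change first, then the Header rules."""
    if profile.get("changeHttpRequest"):
        req = change_method(req, profile["changeHttpRequestType"])
    return apply_header_rules(req, profile.get("Header", []))

# Constructed sample request and profile (values are illustrative only).
SAMPLE_REQUEST = {"method": "POST", "path": "/account/update", "body": "id=7&role=user",
                  "headers": ["Host: app.example", "Content-Type: application/x-www-form-urlencoded", "X-Debug: 1"]}
SAMPLE_PROFILE = {
    "changeHttpRequest": True, "changeHttpRequestType": 1,
    "Header": [
        {"type": "Request", "match": "application/x-www-form-urlencoded", "replace": "text/plain", "regex": "String"},
        {"type": "Request", "match": r"^X-Debug:.*$", "replace": "", "regex": "Regex"},
    ],
}
```

Calling transform(SAMPLE_REQUEST, SAMPLE_PROFILE) returns a GET request for /account/update?id=7&role=user with the Content-Type rewritten and the X-Debug line removed.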
