AUTONOMY DIRECTORATE

๐Ÿ  Main

๐Ÿ  Home
โฐ Q-Day Countdown
0
Y
0
D
0
H
0
M
0
S
0
MS

๐Ÿงช Interactive Apps

๐Ÿ” Encrypt & Share ๐Ÿ”’ Encryption ๐Ÿ—œ๏ธ Compression ๐Ÿ“„ PDF Tools ๐ŸŽต Music โœจ Quantum Sandbox ๐Ÿ” Challenge Mode ๐Ÿ” Regex Designer ๐Ÿ—„๏ธ SQL Generator ๐Ÿ”ฌ PQC Scanner โšก HTTP/3 Scanner ๐Ÿš€ WebTransport Test ๐ŸŒ Speed Test ๐Ÿ“ก Telemetry Wall ๐ŸŽฒ Entropy

๐Ÿ“ฐ News

๐Ÿ“ฐ News
๐Ÿ—ž๏ธ Latest Headlines
Loading news...
Loading... โ€ข Just now

๐Ÿ›ก๏ธ PQ Crypta Proxy

๐ŸŒ Proxy Whitepaper ๐Ÿ–ฅ๏ธ Control Plane ๐Ÿ™ GitHub ๐ŸŽฏ Red Team Tests

๐Ÿ‘ค Account

๐Ÿ“ Sign Up ๐Ÿ”‘ Login ๐Ÿ“Š Dashboard ๐Ÿฉบ Health Monitor ๐Ÿ“ก System Telemetry ๐Ÿšช Logout

โŸจ QUANTUM ERROR PORTAL โŸฉ

Navigate the Error Dimensions

PQ Crypta Logo

Script Viewer

Red Team Suite › 03_header_injection.sh

03_header_injection.sh 98 lines
Download ← All Scripts
1 #!/bin/bash
2 # Header injection / smuggling / spoofing tests
3 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
4 source "$SCRIPT_DIR/../config.sh"
5 OUT="$OUT/headers"
6 mkdir -p "$OUT"
7
8 echo '=== HEADER INJECTION & SPOOFING TESTS ===' | tee "$OUT/summary.txt"
9
10 # IP spoofing via forwarding headers (WAF should ignore/distrust these)
11 echo '--- IP Spoofing Headers ---' | tee -a "$OUT/summary.txt"
12 SPOOF_HEADERS=(
13 'X-Forwarded-For: 127.0.0.1'
14 'X-Forwarded-For: 10.0.0.1'
15 'X-Real-IP: 127.0.0.1'
16 'X-Originating-IP: 127.0.0.1'
17 'X-Remote-IP: 127.0.0.1'
18 'X-Client-IP: 127.0.0.1'
19 'True-Client-IP: 127.0.0.1'
20 'CF-Connecting-IP: 127.0.0.1'
21 'X-Forwarded-For: ::1'
22 )
23 for h in "${SPOOF_HEADERS[@]}"; do
24 resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 10 -H "$h" "$TARGET/")
25 echo "[$resp] $h" | tee -a "$OUT/summary.txt"
26 done
27
28 # HTTP method override
29 echo '' | tee -a "$OUT/summary.txt"
30 echo '--- Method Override ---' | tee -a "$OUT/summary.txt"
31 for meth in 'DELETE' 'TRACE' 'OPTIONS' 'CONNECT' 'PATCH'; do
32 resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 10 -X "$meth" "$TARGET/")
33 echo "[$resp] Method: $meth" | tee -a "$OUT/summary.txt"
34 done
35
36 # Method override via headers
37 echo '' | tee -a "$OUT/summary.txt"
38 echo '--- Method Override via Headers ---' | tee -a "$OUT/summary.txt"
39 resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 10 -X POST -H 'X-HTTP-Method-Override: DELETE' "$TARGET/")
40 echo "[$resp] POST + X-HTTP-Method-Override: DELETE" | tee -a "$OUT/summary.txt"
41
42 # Host header injection
43 echo '' | tee -a "$OUT/summary.txt"
44 echo '--- Host Header Injection ---' | tee -a "$OUT/summary.txt"
45 HOSTS=('evil.com' 'localhost' '127.0.0.1' 'pqcrypta.com.evil.com' 'pqcrypta.com@evil.com')
46 for h in "${HOSTS[@]}"; do
47 resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 10 -H "Host: $h" "$TARGET/")
48 echo "[$resp] Host: $h" | tee -a "$OUT/summary.txt"
49 done
50
51 # Content-Type confusion
52 echo '' | tee -a "$OUT/summary.txt"
53 echo '--- Content-Type Confusion ---' | tee -a "$OUT/summary.txt"
54 resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 10 -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d 'data=<script>alert(1)</script>' "$TARGET/")
55 echo "[$resp] POST form with XSS payload" | tee -a "$OUT/summary.txt"
56
57 resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 10 -X POST -H 'Content-Type: application/json' -d '{"query":"\u003cscript\u003ealert(1)\u003c/script\u003e"}' "$TARGET/")
58 echo "[$resp] POST JSON with unicode-escaped XSS" | tee -a "$OUT/summary.txt"
59
60 cat "$OUT/summary.txt"
61
62 # โ”€โ”€ IPv6 Variants โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
63 echo "--- IPv6 Header / SSRF Variants ---" | tee -a "$OUT/header_inject/summary.txt" 2>/dev/null || true
64 OUT_FILE="$OUT/03_header_injection.txt"
65 [ -f "$OUT_FILE" ] || OUT_FILE="$OUT/header_inject/summary.txt"
66
67 IPV6_LOOPBACK_VARIANTS=(
68 "[::1]"
69 "::1"
70 "0:0:0:0:0:0:0:1"
71 "::ffff:127.0.0.1"
72 "[::ffff:127.0.0.1]"
73 "0000:0000:0000:0000:0000:0000:0000:0001"
74 )
75 for IPV6 in "${IPV6_LOOPBACK_VARIANTS[@]}"; do
76 CODE=$(curl -sk --http2 -o /dev/null -w '%{http_code}' --max-time 8 \
77 -A "$BROWSER_UA" \
78 -H "X-Forwarded-For: $IPV6" \
79 "$TARGET/")
80 printf '[%s] IPv6 XFF spoof: X-Forwarded-For: %s\n' "$CODE" "$IPV6" | tee -a "$OUT_FILE"
81 done
82
83 # IPv6 in Host header
84 for IPV6 in "[::1]" "[::ffff:127.0.0.1]"; do
85 CODE=$(curl -sk --http2 -o /dev/null -w '%{http_code}' --max-time 8 \
86 -A "$BROWSER_UA" -H "Host: $IPV6" "$TARGET/")
87 printf '[%s] IPv6 Host header: %s\n' "$CODE" "$IPV6" | tee -a "$OUT_FILE"
88 done
89
90 # IPv6 SSRF probe variants
91 for IPV6 in "http://[::1]:${INTERNAL_API_PORT}/status" "http://[::ffff:127.0.0.1]/admin/" "http://[::]:80/"; do
92 ENC=$(python3 -c "import urllib.parse,sys; print(urllib.parse.quote(sys.argv[1]))" "$IPV6")
93 CODE=$(curl -sk --http2 -o /dev/null -w '%{http_code}' --max-time 8 \
94 -A "$BROWSER_UA" "$TARGET/?url=$ENC")
95 printf '[%s] IPv6 SSRF probe: %s\n' "$CODE" "$IPV6" | tee -a "$OUT_FILE"
96 done
97 echo ""
98