Course 3 - Mastering Nuclei for Bug Bounty | Episode 5: Matching Conditions in the Body and Header
Published 6 months, 2 weeks ago
Description
In this lesson, you’ll learn about:
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
- POST-based matchers in Nuclei (overview): moving from simple GET checks to POST requests that include payloads; used when the vulnerable endpoint expects body data.
- Matching in the body:
  - Set the request method to POST and provide a body (key=value pairs, e.g., search=apple, or YAML-style search: apple).
  - Create matchers that look for a word (e.g., apple) in the response body and typically assert a status code (e.g., status: 200) for a confident hit.
- Matching in response headers:
  - Use part: header in the matcher to check for values that appear in response headers (e.g., a custom header containing apple).
  - Combine header matching with status checks for precision.
- Template authoring workflow:
  - Build the requests block with method: POST, path, and body:.
  - Add matchers specifying type: word or type: regex, part: body or part: header, and optional status conditions.
- Validation and debugging:
  - Validate YAML syntax with a linter (YAML Lint) before running.
  - Use -debug and -v to print the exact HTTP requests and responses Nuclei sends and receives.
  - Proxy through Burp Suite to capture the POST request, inspect the response, and confirm the matcher logic works as intended.
- Practical tips:
  - Ensure correct Content-Type headers (e.g., application/x-www-form-urlencoded or application/json) in the template if the endpoint requires it.
  - When matching JSON responses, prefer type: regex to safely match values (e.g., "key"\s*:\s*"apple").
  - Test locally on a safe target or staging environment before broad runs.
  - Combine body and header matchers when possible to reduce false positives.
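A complete template that wires these pieces together, added here as an illustration and not code from the course. It assumes a hypothetical /search endpoint that echoes the submitted term in both the response body and an X-Search-Term response header; current Nuclei releases use the http: key where older templates used requests:.

```yaml
id: post-body-header-match-example

info:
  name: POST body and header matcher example
  author: example-author            # placeholder, not a real template author
  severity: info
  description: >
    Sends a form-encoded POST and requires all three matchers (status,
    body word, header regex) to hit before reporting a result.

http:
  - method: POST
    path:
      - "{{BaseURL}}/search"         # hypothetical endpoint
    headers:
      Content-Type: application/x-www-form-urlencoded
    body: "search=apple"             # key=value payload the endpoint expects

    # "and" means every matcher below must match; this is what keeps the
    # false-positive rate down compared with a lone body-word matcher.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "apple"

      # Header names are matched case-insensitively via (?i); the header
      # itself is assumed for this example.
      - type: regex
        part: header
        regex:
          - "(?i)x-search-term:\\s*apple"
```

Run it with nuclei -t <file>.yaml -u <staging-url> -debug to see the exact request and response Nuclei exchanged, which is the quickest way to find out which of the three matchers failed when a template stays silent.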