| | 1 | + | # 304 Not Modified Bypass |
| | 2 | + | |
| | 3 | + | 1. Delete "If-None-Match" header |
| | 4 | + | ``` |
| | 5 | + | GET /admin HTTP/1.1 |
| | 6 | + | Host: target.com |
| | 7 | + | If-None-Match: W/"32-IuK7rSIJ92ka0c92kld" |
| | 8 | + | ``` |
| | 9 | + | Try this to bypass |
| | 10 | + | ``` |
| | 11 | + | GET /admin HTTP/1.1 |
| | 12 | + | Host: target.com |
| | 13 | + | ``` |
| | 14 | + | |
| | 15 | + | 2. Adding random character in the end of "If-None-Match" header |
| | 16 | + | ``` |
| | 17 | + | GET /admin HTTP/1.1 |
| | 18 | + | Host: target.com |
| | 19 | + | If-None-Match: W/"32-IuK7rSIJ92ka0c92kld" |
| | 20 | + | ``` |
| | 21 | + | Try this to bypass |
| | 22 | + | ``` |
| | 23 | + | GET /admin HTTP/1.1 |
| | 24 | + | Host: target.com |
| | 25 | + | Host: target.com |
| | 26 | + | If-None-Match: W/"32-IuK7rSIJ92ka0c92kld" b |
| | 27 | + | ``` |
| | 28 | + | |
| | 29 | + | Source: [https://anggigunawan17.medium.com/tips-bypass-etag-if-none-match-e1f0e650a521](https://anggigunawan17.medium.com/tips-bypass-etag-if-none-match-e1f0e650a521) |
| | 30 | + | |
Muhammad Daffa
committed
with
GitHub
3 years ago
1 parent 1d466b11