Another way to create request is using raw requests which comes with more flexibility and support of DSL helper functions, like the following ones (as of now it’s suggested to leave the Host header as in the example with the variable {{Hostname}}), All the Matcher, Extractor capabilities can be used with RAW requests in same the way described above.

http:
  - raw:
    - |
        POST /path2/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        a=test&b=pd

Requests can be fine-tuned to perform the exact tasks as desired. Nuclei requests are fully configurable meaning you can configure and define each and every single thing about the requests that will be sent to the target servers.

RAW request format also supports various helper functions letting us do run time manipulation with input. An example of the using a helper function in the header.

    - raw:
      - |
        GET /manager/html HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64('username:password')}} # Helper function to encode input at run time.

To make a request to the URL specified as input without any additional tampering, a blank Request URI can be used as specified below which will make the request to user specified input.

    - raw:
      - |
        GET HTTP/1.1
        Host: {{Hostname}}

More complete examples are provided here

Was this page helpful?

Basic HTTPOverview