testservices/testservice1.http
### Noxway — Testservice 1
### Direct (backend, bypasses gateway)

@base = http://127.0.0.1:8080
@prefix = {{base}}/v1

# ── Direct backend call ───────────────────────────────────────────────────────

### Direct — GET /testservice1
GET {{base}}/testservice1

###

# ── Via Gateway (prefix /v1/) ─────────────────────────────────────────────────

### Gateway — GET /v1/testservice1  (basic endpoint, no extra headers)
GET {{prefix}}/testservice1

###

### Gateway — GET /v1/testservice1  with Authorization header (JWT)
GET {{prefix}}/testservice1
Authorization: Bearer <your-token-here>

###

### Gateway — GET /v1/testservice1  rate limiter check (rapid repeat)
GET {{prefix}}/testservice1
X-Forwarded-For: 10.99.99.99

###

# ── WAF probes (should return 403) ───────────────────────────────────────────

### WAF — SQLi in query
GET {{prefix}}/testservice1?id=1%20UNION%20SELECT%201%2C2%2C3

###

### WAF — XSS in query
GET {{prefix}}/testservice1?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E

###

### WAF — Path traversal
GET {{prefix}}/testservice1?file=../../etc/passwd

###

### WAF — Command injection
GET {{prefix}}/testservice1?cmd=id%20%26%26%20whoami

###