Complete Guide to HTTP Injector Payloads: Analysis & Practical Examples

The following is an in-depth analysis and usage guide for HTTP Injector payloads based on the data you provided, using the example bug host www.i-sekai.my.id.


  1. BASIC PAYLOAD CONCEPTS

An HTTP Injector payload is a modified request string that bypasses the provider's routing by placing the SSH server inside the HTTP/Websocket headers. Basic structure:

(METHOD) (SCHEME)/(PATH)/(SNI)/(PROXY)/* HTTP/1.1[crlf](HEADER)[crlf][crlf]

Placeholders used:

  • [crlf] = Carriage Return Line Feed (line separator)
  • [ua] = User-Agent (filled in automatically by HTTP Injector)
  • (SSH) = Your SSH host (example: 220.256.78.90:22)
  • (SNI) = Bug host (example: www.i-sekai.my.id)
  • (PATH) = Path/location (examples: /, /ws, /api)
  • (PROXY) = Proxy IP (optional)

  2. PROTOCOL SCHEMES

🟢 HTTP2 Scheme (Port 80): used for non-SSL connections with an upgrade to HTTP2.

  • Format: h2c://bug.com
  • Example payload:
GET h2c://www.i-sekai.my.id/ HTTP/1.1[crlf]Host: 220.256.78.90:22[crlf]Connection: Upgrade, HTTP2-Settings[crlf]HTTP2-Settings: [crlf]Upgrade: h2c[crlf]Alt-Svc: h2c=":80"[crlf][crlf]

🟡 Websocket Scheme (Port 80): standard websocket connection without encryption.

  • Format: ws://bug.com
  • Example payload:
GET ws://www.i-sekai.my.id/ HTTP/1.1[crlf]Host: 220.256.78.90:22[crlf]Connection: Upgrade[crlf]User-Agent: [ua][crlf]Sec-Websocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==[crlf]Sec-Websocket-Version: 13[crlf]Upgrade: websocket[crlf][crlf]

🔴 Websocket SSL/TLS Scheme (Port 443): secure websocket connection with SNI spoofing.

  • Format: wss://bug.com
  • Example payload:
CONNECT wss://www.i-sekai.my.id:443 HTTP/1.1[crlf]Host: www.i-sekai.my.id:443[crlf]Connection: Keep-Alive[crlf]Expect: 100-continue[crlf][crlf]

  3. HTTP METHODS

Basic Methods (Standard)

  • GET - Retrieves data (the most commonly used)
  • HEAD - Like GET but without a response body
  • PUT - Sends data for an update
  • CONNECT - Creates a tunnel to the server (important for SSL)
  • POST - Sends data to the server

Custom Methods (Modified): used to bypass provider filters:

  • _ (underscore)
  • - (dash/hyphen)
  • G-G (modified GET)
  • `--
  • -----

Practical custom method example:

_- ws://www.i-sekai.my.id/ HTTP/1.1[crlf]Host: 220.256.78.90:22[crlf]Upgrade: websocket[crlf][crlf]

  4. HEADER TYPES

🟢 Websocket Header

Host: 220.256.78.90:22[crlf]Connection: Upgrade[crlf]User-Agent: [ua][crlf]Sec-Websocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==[crlf]Sec-Websocket-Version: 13[crlf]Upgrade: websocket

🟡 HTTP2 Header

Host: 220.256.78.90:22[crlf]Connection: Upgrade, HTTP2-Settings[crlf]HTTP2-Settings: [crlf]Upgrade: h2c[crlf]Alt-Svc: h2c=":80"

🔴 Plain Header (Keep-Alive)

Host: www.i-sekai.my.id[crlf]Connection: Keep-Alive[crlf]Expect: 100-continue[crlf][crlf]

  5. COMPLETE MAIN PAYLOADS

🟢 CloudFront/CloudFlare CDN Mode (Port 80)

GET / HTTP/1.1[crlf]Host: 220.256.78.90:22[crlf]Connection: Upgrade[crlf]User-Agent: [ua][crlf]Sec-Websocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==[crlf]Sec-Websocket-Version: 13[crlf]Upgrade: websocket[crlf][crlf]

🟡 CloudFlare Proxy SSL Mode (Port 443)

GET wss://220.256.78.90:22 HTTP/1.1[crlf]Host: 220.256.78.90:22[crlf]Connection: Upgrade[crlf]User-Agent: [ua][crlf]Sec-Websocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==[crlf]Sec-Websocket-Version: 13[crlf]Upgrade: websocket[crlf][crlf]

🔴 Local Websocket Mode (Direct)

GET /ws HTTP/1.1[crlf]Host: www.i-sekai.my.id[crlf]Connection: Upgrade[crlf]User-Agent: [ua][crlf]Sec-Websocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==[crlf]Sec-Websocket-Version: 13[crlf]Upgrade: websocket[crlf][crlf]

  6. COMPLETE COMBINATION EXAMPLES

Option 1: Websocket Direct (Most Common)

GET ws://www.i-sekai.my.id/ HTTP/1.1[crlf]Host: 220.256.78.90:22[crlf]Connection: Upgrade[crlf]User-Agent: [ua][crlf]Sec-Websocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==[crlf]Sec-Websocket-Version: 13[crlf]Upgrade: websocket[crlf][crlf]

Notes:

  • ws:// = Websocket scheme on port 80
  • www.i-sekai.my.id = Your bug host
  • 220.256.78.90:22 = Your SSH server IP
  • [ua] = Replaced automatically by HTTP Injector

Option 2: HTTP2 Upgrade

GET h2c://www.i-sekai.my.id/ HTTP/1.1[crlf]Host: 220.256.78.90:22[crlf]Connection: Upgrade, HTTP2-Settings[crlf]HTTP2-Settings: [crlf]Upgrade: h2c[crlf]Alt-Svc: h2c=":80"[crlf][crlf]

Option 3: CONNECT Method (for SSL)

CONNECT www.i-sekai.my.id:443 HTTP/1.1[crlf]Host: www.i-sekai.my.id:443[crlf]Connection: Keep-Alive[crlf]Expect: 100-continue[crlf][crlf]
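
Seen from the provider or proxy side, the payload shapes in the sections above share a few observable traits: a non-standard method token, a ws/wss/h2c absolute URI in the request target, and a Host header that names a different host than the target. The detection sketch below is an added example, not part of the original guide; the function names parse_head and findings and the signal names are this example's own, and the sample inputs are payloads copied from this page.

```python
# Added example, not part of the original page: detection heuristics for the
# request shapes this guide describes. Signal names are this example's own.
from urllib.parse import urlsplit

STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT",
                    "OPTIONS", "TRACE", "PATCH"}
TUNNEL_SCHEMES = {"ws", "wss", "h2c"}      # schemes the page puts in the target
EXTRA_HOST_HEADERS = {"x-online-host"}     # second host header used in the tips

def parse_head(raw):
    """Return (method, target, headers) with header names lowercased."""
    lines = raw.replace("[crlf]", "\r\n").split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def findings(raw):
    """Return the sorted list of signals raised by one request head."""
    method, target, headers = parse_head(raw)
    host = headers.get("host", "").lower()
    host_name = host.rsplit(":", 1)[0]     # assumes no bracketed IPv6 literal
    out = set()
    if method.upper() not in STANDARD_METHODS:
        out.add("nonstandard-method")
    if "://" in target:
        url = urlsplit(target)
        if url.scheme.lower() in TUNNEL_SCHEMES:
            out.add("tunnel-scheme-in-target")
        if url.hostname and url.hostname != host_name:
            out.add("target-host-mismatch")
    if host.endswith(":22"):
        out.add("host-port-22")
    if EXTRA_HOST_HEADERS & headers.keys():
        out.add("extra-host-header")
    return sorted(out)

# Sample heads copied from this page (placeholders left as written).
SAMPLES = [
    "_- ws://www.i-sekai.my.id/ HTTP/1.1[crlf]Host: 220.256.78.90:22[crlf]Upgrade: websocket[crlf][crlf]",
    "CONNECT www.i-sekai.my.id:443 HTTP/1.1[crlf]Host: www.i-sekai.my.id:443[crlf]Connection: Keep-Alive[crlf]Expect: 100-continue[crlf][crlf]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(findings(sample) or ["no-signal"], "<-", sample[:40])
```

The target-host-mismatch signal does not depend on the port, so it still fires when the Host header carries a non-standard SSH port; the plain CONNECT form raises no signal here and needs a different control, such as comparing the TLS SNI with the tunnel destination.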

  7. PRACTICAL HTTP INJECTOR TIPS

  1. Replace the placeholders with your own data:

    • www.i-sekai.my.id → A working bug host
    • 220.256.78.90:22 → Your SSH IP and port
    • (PATH) → Try /, /ws, /api/v1
  2. Headers can be combined:

   GET ws://www.i-sekai.my.id/ws HTTP/1.1[crlf]Host: 220.256.78.90:22[crlf]Connection: Upgrade, Keep-Alive[crlf]User-Agent: [ua][crlf]Sec-Websocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==[crlf]Sec-Websocket-Version: 13[crlf]Upgrade: websocket[crlf]X-Online-Host: www.i-sekai.my.id[crlf][crlf]
  3. Test the [crlf] sequence:

    • At least 2 [crlf] at the end
    • Add extra [crlf] if the connection times out
  4. Provider blocks port 22? Use a non-standard port for SSH:

   GET ws://www.i-sekai.my.id/ HTTP/1.1[crlf]Host: 220.256.78.90:3300[crlf]...

  8. CONCLUSION

The best payload depends on:

  • Bug host: www.i-sekai.my.id (replace with your active bug host)
  • Port: 80 (ws/h2c) or 443 (wss/CONNECT)
  • Provider: test CUSTOM methods (_-, G-G) if HEAD/GET is blocked

Recommended starter:

GET ws://www.i-sekai.my.id/ HTTP/1.1[crlf]Host: 220.256.78.90:22[crlf]Connection: Upgrade[crlf]User-Agent: [ua][crlf]Sec-Websocket-Key: dXP3jD9Ipw0B2EmWrMDTEw==[crlf]Sec-Websocket-Version: 13[crlf]Upgrade: websocket[crlf][crlf]

Copy the payload above → open HTTP Injector → Payload menu → Paste → Generate → Save → Connect!
