From b1cf75dcb6633480a910db3409edc033613472e2 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sat, 2 Apr 2016 00:06:56 +0200 Subject: [PATCH] Added query examples --- queries.txt | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/queries.txt b/queries.txt index 2c15020..e0861b4 100644 --- a/queries.txt +++ b/queries.txt @@ -18,6 +18,18 @@ request.parameternames:csrftoken All request without a particular parameter: NOT request.parameternames:csrftoken +...only POST requests: +request.method:POST -request.parameternames.raw:"csrftoken" + +All responses without a doctype definition: +response.inferred_content_type:html -doctype + +...and only 200 responses: +response.status:200 AND response.inferred_content_type:html -doctype + +All responses that were recognized as HTML but declared as something different: +response.inferred_content_type:html -response.content_type:html + JSON ==== @@ -53,6 +65,46 @@ All requests without HEADERNAME header: } } +All requests with HEADERNAME header with value VALUE: +{ + "query": { + "nested": { + "path": "response.headers", + "query": { + "bool": { + "must_not": { + "match_phrase": { + "response.headers.name": "X-Frame-Options" + }, + "match_phrase": { + "response.headers.value": "SAMEORIGIN" + } + } + } + } + } + } +} + +All requests without HEADERNAME header with value VALUE: +{ + "query": { + "bool": { + "must_not": { + "nested": { + "path": "response.headers", + "query": { + "match_phrase": { + "response.headers.name": "HEADERNAME", + "response.headers.value": "VALUE" + } + } + } + } + } + } +} + All POST requests: { "query": {
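Review bot: The bare `-doctype` term in the two doctype examples is not tied to a field, so it is matched against the index's default search field, which this patch does not show. It may therefore exclude any document that mentions "doctype" anywhere, not only responses that carry a doctype declaration, and pages you are hunting for can silently drop out of the result. Scoping the term to the response body, e.g. `response.inferred_content_type:html -<BODY_FIELD>:doctype` with the index's real field name, would make the result match the heading. The new POST example also uses `-request.parameternames.raw:"csrftoken"` while the context line above uses `NOT request.parameternames:csrftoken`; if the switch to the `.raw` field is intentional it deserves a word of explanation, otherwise one form throughout is clearer.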
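Review bot: Neither of the two added header queries expresses its heading. The "with HEADERNAME header with value VALUE" example wraps its clauses in `must_not`, hard-codes `X-Frame-Options`/`SAMEORIGIN` instead of the placeholders, and repeats the `match_phrase` key inside one object, so a JSON parser will typically keep only one of the two clauses or reject the body. The "without" example puts two fields into a single `match_phrase`, which takes one field only. Both should carry a `bool` with a `must` array of two `match_phrase` clauses inside the `nested` query, as below, with the second example keeping its outer `bool`/`must_not` wrapper. As written, anyone using these to audit for a missing or wrong header value gets a misleading result set.

```json
        "path": "response.headers",
        "query": {
            "bool": {
                "must": [
                    { "match_phrase": { "response.headers.name": "HEADERNAME" } },
                    { "match_phrase": { "response.headers.value": "VALUE" } }
                ]
            }
        }
```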