EPISODE · Nov 12, 2025 · 10 MIN
Course 3 - Mastering Nuclei for Bug Bounty | Episode 5: Matching Conditions in the Body and Header
from CyberCode Academy · host CyberCode Academy
What this episode covers

In this lesson, you'll learn about:

POST-based matchers in Nuclei (overview): moving from simple GET checks to POST requests that carry a payload, for endpoints that expect body data.

Matching in the body:
- Set method: POST and supply body: (key=value form pairs such as search=apple, or a JSON body such as {"search":"apple"}).
- Add a word matcher that looks for the reflected term (e.g., apple) in the response body, and pair it with a status matcher (type: status, 200) for a confident hit.

Matching in response headers:
- Use part: header in the matcher to check for values that appear in response headers (e.g., a custom header containing apple).
- Combine header matching with a status check for precision.

Template authoring workflow:
- Build the http: block (requests: in older templates) with method: POST, path, and body:.
- Add matchers with type: word or type: regex, part: body or part: header, and an optional type: status matcher; set matchers-condition: and when every matcher must hold for a finding.

Validation & debugging:
- Validate YAML syntax with a linter (YAML Lint) before running.
- Use -debug and -v to print the exact HTTP requests and responses Nuclei sends and receives.
- Proxy through Burp Suite (-proxy) to capture the POST request, inspect the response, and confirm the matcher logic works as intended.

Practical tips:
- Set the correct Content-Type header (application/x-www-form-urlencoded or application/json) under headers: in the template when the endpoint requires it.
- When matching JSON responses, prefer type: regex so that whitespace and key order do not break the match, e.g. "key"\s*:\s*"apple"; the same pattern works in an extractor when you want the value pulled out.
- Test locally on a safe target or staging environment before broad runs.
- Combine body and header matchers when possible to reduce false positives.

You can listen to and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
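The template below is an added, complete example for this episode (it is not code from the episode or from CyberCode Academy). It ties the steps above together: a POST with a form body and an explicit Content-Type, then a status matcher, a body word matcher and a header word matcher joined by matchers-condition: and, so the template only fires when all three hold. The /search path, the search=apple payload and the echoed X-Search-Term response header describe a hypothetical target and are assumptions; {{BaseURL}} is Nuclei's real placeholder for the target URL.

```yaml
# Added example template (not from the episode). Target details are assumed.
id: post-body-header-match-example

info:
  name: POST search term reflected in body and header (example)
  author: example
  severity: info
  description: |
    Sends a form-encoded POST and requires three things at once:
    HTTP 200, the payload word in the response body, and the same word
    in a response header. Requiring all three reduces false positives.
  tags: example,post,reflection

# "http:" is the current request block key; older templates use "requests:".
http:
  - method: POST
    path:
      - "{{BaseURL}}/search"          # assumed endpoint on the target
    headers:
      # Set explicitly; many form handlers ignore a body without it.
      Content-Type: application/x-www-form-urlencoded
    body: "search=apple"              # assumed payload the endpoint reflects

    # Every matcher below must match for the template to report a result.
    matchers-condition: and
    matchers:
      # 1) Status check: a 200 rather than an error page or redirect.
      - type: status
        status:
          - 200

      # 2) Body check: the search term is echoed back in the HTML/JSON body.
      - type: word
        part: body
        words:
          - "apple"

      # 3) Header check: the term also appears in a response header
      #    (assumed X-Search-Term: apple). Header names are matched
      #    case-insensitively by the flag below.
      - type: word
        part: header
        words:
          - "apple"
        case-insensitive: true

      # For a JSON endpoint, replace matcher 2 with a regex that tolerates
      # whitespace around the colon (from the episode's tip):
      # - type: regex
      #   part: body
      #   regex:
      #     - '"result"\s*:\s*"apple"'

    # Optional: pull the reflected value out for the report. Assumes the
    # response body contains a JSON "result" key.
    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '"result"\s*:\s*"([^"]+)"'
```

Check the file with `nuclei -t post-body-header-match-example.yaml -validate` (in addition to a YAML linter), then run it against a staging host while watching the exchange: `nuclei -t post-body-header-match-example.yaml -u https://staging.example.com -debug -proxy http://127.0.0.1:8080` prints the exact request and response and routes them through Burp Suite so you can confirm which of the three matchers actually hit.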