What's new
  • Welcome to PHCorner Forums. Take a moment to Sign up and gain unlimited access and extra privileges that guests are not entitled to, such as: All that and more! Registration is quick, simple and absolutely free. Join our community today!

How to generate http injector payload based on host's response header


Honorary Poster
Feb 17, 2016
Reaction score
, Last edited:
Good day PHC!
Today I will share the way kung pano ako gumagawa ng payload.

Talas ng Isip
Mahabang pasensya

Host URL used in this example is google based.
SIM used: TM (no regular load and promo)
APN used: Default

Okay, since alam niyo na ang pinaka basic sa paggawa ng ehi config, from creating an ssh account to what and where to put values. Diretso na tayo.

Look for a host for your payload.
Example: m.google.com
or you can look for a more unique host.
Use a reverse IP look up tool.
Here is an example of a website which has a reverse ip tool:
You must register or login to view this.

Just query your favorite website/host, then it will show you all websites hosted by the same domain. Then choose ONE.

Look for a working Remote Proxy.
Search it on google, it's free.
Ex. You must register or login to view this.
*You can also use a Squid proxy from your favorite SSH hosting website.
*Always check your proxy status for better connection.
Search "proxy checker" on google, it's free.
Ex. You must register or login to view this.
For First and Second: Not all host can recieve and give the same response to a single proxy and not all proxy can request and recieve the same response from a single host.So keep hunting the best match.
Let's use the Host Checker from the HTTP Injector itself, to know what response header that your host will return to your proxy.
As shown above, the host reponded status 301 Moved Permanently with GET request method. So if you use the GET request in generating your payload, you will get the same response. Now, you have an idea what to avoid.
This status may give you trouble connecting.
Also notice the Connection status, "Keep-alive".
I personally choose host with "Connection: keep-alive" in its header, because it means that,when the host recieved a request and granted a connection, it will keep the gateway open until the client will close it.

Status 301 Move Permanently means, the host either redirect you to its main domain or your local ip/remote proxy is blacklisted/blocked from accessing the host.
So we need to set our payload correctly.
How do we know?
We MUST AVOID seeing the "Status 301" or any other status aside from Status 200, in our log. So keep on trying until the Status 301 is eliminated.

*You can also try different request aside from GET in Host Checker, you might run into a status 200 response. That way, you will have an idea what request to use and avoid.

Set your payload.

Setting that returned status 301 (Wrong method)
The log shows a successful connection because the HTTP injector, resend another request, a correct request for status 200.

What does it mean? It means that your settings is wrong.
You might say that it doesnt matter as long as it is connected. But NO, based on my experience, my config that has a different status aside from Status 200, did not work on others and has disconnection issues.
Also, it does not mean that your settings is faster than Status 200, or you may think and feel that its cool. Then you're wrong. An error is always an error, and say thank you to http injector for correcting you.

Setting that returned Status 200 at first response (Correct method)
So, here we have a status 200. As you can see I used the CONNECT request method. The most common and simple type of method. How did I know that I need to use this type of method to get a status 200 response.
If we go back to the Host Checker, the "content type" says "txt/html" and no more other content (cookies, complex caching method etc) status or header fields indicating a complex data are displayed. It means this host does not contain any complicated codes(php,flash,databases etc). So it is not neccessary to use GET or any method to request for a complicated response, a simple CONNECTion is enough for the host to establish a successful handshake.

If you are still getting an error after using all the request methods. Its tme for you to experiment with extra options.
Read below.
As a summary, to save you time, look for a good proxy then find an alive host that returns status 200. So you won't waste your time experimenting your payload string.

If you are wondering what to tick and not in the payload generator, well I myself with all honesty cannot translate it into human words. :D Just think of it as add ons, it refers to the content of the header. It is like ordering a food in a restaurant,let's say you ordered a bowl of soup and you want an additional seasoning. You can tick anything as you want but the turning point is, if the header content says you're requesting too much. Then it will give an error response. To be safe, tick one at a time until you get a nice recipe. The only important part of your payload is the type of request, CONNECT, GET, POST, PUT, etc. Even if your request header doesnt have a it is still valid.
EDIT 2: Some terms that might help.

Front Query - mahirap ito e-explain. anyway, pag naka activate to ilalagay ng injector ang IP address at port ng SSH kasama sa Host URL mo.
You must register or login to view this.
You must register or login to view this.
So ano ang effect? Instead na You must register or login to view this. lng ang Host mo ay maging You must register or login to view this.
Pwede niyo itong gamitin sa pagexperiment dahil considered ito as a häçk, para linlangin ang ISP.

Back Query - kapareho lng ng front query pero baliktad.
You must register or login to view this.

*Ang pag-gamit ng front at back query ay the same proccess ng mga web proxy.
Ano ang web proxy?
Ex. You must register or login to view this.
Sa web proxy, mabbrowse mo ang mga website na naka block sa country/school/office mo.
So same logic with front and back query. Sa Globe/TM/Smart/TnT/Sun etc, kahit connected ang mobile data mo, no browse ka kapag wala kang promo. So sa pag inject mo ng code sa HTTP request, maaring makapasok ka gamit ang dalawang query method na to. Take note, MAAARI lamang, hindi 100% success.

Rotate - Aactivate niyo to pag marami kayong gagamiting host.
Ex. You must register or login to view this.
Ito yung ginagamit ng mga nakikita niyong post with multi-payload. Ang benefit neto ay makakapag retain ng reconnection incase na madisconnect ang isang host or nagreturn ng error status code at hindi kayang i-reconfigure ng injector.
You must register or login to view this. - status 400
Injector sent status 200 request - Failed
proproceed ang injector sa next host
You must register or login to view this. - status 200
connection successful

So, ang term na multi-payload ay hindi ibig sabihin na magsesend sya ng request sa lahat ng host mo at the same time. Isa-isa lang po. Hindi ito nakaka-apekto sa speed, siguro a safer config lang, since ma-preprevent mo ang point of failure ng mga host and more flexibility sa proxy's side, kasi marami kang host, a bigger chances ng kahit magpapalit-palit ka ng proxy e my makukuha kang status 200. Ang pag switch to next host ay hindi nangyayari in one injection lang.
(inject host1➡failed➡disconnect➡reconnect➡inject host2....and so on)

Front Inject - Unang ipapadala ang request header natin bago ang ssh,ip,rp at iba pa.

Back Inject - ipapadala muna ng injector ang ssh,ip,rp at iba pa bago ang request header

Online Host & Forward Host - option eto kung gusto mong ipapa-alam ky host kung ano ang ginagamit mung gateway (ito yung local ip, dns, remote proxy at iba pa). So ang effect, kung si host ay ina-allow ang gateway na gamit mo or hindi. Since each host has their own security. Just like how school and offices is blocking outside browsing. Ito yung mga X-Options-**** na makikita mo sa response header sa Host Checker

Reverse Proxy - gagamitin ng injector as proxy ang host mo. (server by server access). So ang proxy na marerecieve ni host ay yung sarili nyang IP, disregarding your RP/squid.

User Agent - Simple as kung gusto mo ipaalam ky host kung anong gamit mung platform pang access. Ex. chrome, firefox, IE, android platform at iba pa.

Keep Alive - option ito upang manghinge ng permission ky host na kung pwede ay gawing Keep-Alive ang connection, kahit na "close" ang status nya sa host checker.

Split (Instant and Delay) - injection option ito for an attack, kung baga häçker na häçker ang dating mo. Kapag nachambahan mung my bug or system issue ang Host na inaatake mo, magkakaroon ka ng kapangyarihan na diktahan ang Host kung anong gusto mong response. Ang ginagawa nito sa back end side ay nagpapadala sya ng dalawang HTTP body, request body at response body. So pag kumagat ang method mo, ma-o-override ang response header ng ginawa mung body, ito yung mga naka check sa extra sa payload generator mo at kahit na hindi naka allow ang request method (GET,PUT,POST etc), magbabato parin si header ng status 200 kapag successful ang attack. kaya kadalasan, nagkakaroon tayo ng error code dito dahil hindi basta basta ang security ng mga host.

Check this link for HTTP request method definition:
You must register or login to view this.

So far yan pa lang ang medyo naintndhan ko. Always do your own research. Hindi lang ito magagamit sa HTTP Injector kundi pati sa ibang VPN apps.
EDIT 3: Troubleshooting Tips
P: You're getting Status 200 but returned connection lost.
A: Change SSH port, 22/443
P: Still getting connection lost.
A: Change your remote proxy.

If the above troubleshooting did not work. Then it's time for you to work on your payload settings or you may change the host.
So, ayan lang po. Kayo na lang ang humusga. Di ko na eexplain kung pano ko kinalikot ang Payload, kasi random trial and error yan. Haha Pinakita ko lang kung paano mag base ng Payload sa response header. Hindi din po ako experto, so pag pasensyahan niyo na kung my mali akong naisulat, at mas mabuti kung i-correct niyo. Im glad to learn.
Personal experience is mas mabilis mag-inject ang status 200 na setting kesa sa ibang status.

Another Note: Kelangan mo ng internet connection pag gumamit ng host checker at sa paghahanap ng mga host at proxy.

Disclaimer: This tutorial does not guarantee you a free working internet from any ISP. This only serves as a guideline for you to explore on how to make it free that comes with your effort. More power to the army! :D

*Kung my naiasulat man ako na may kaparehong post or may naunang thread, I give credit to all of them. I made this solely based on my own venture.

Questions? Drop it in the comment box. I'll try my best to answer it.
Thank you for reading! Goodluck!

Remember you are a human,
the highest being in the animal kingdom,
not a sponge.



I don't understand your language sir.I want to know how to tick query req method and extra header.I have free isp payload host(bug host) but I did how to tick pls explain

Unanswered Topics