Custom Payloads
Extend Hacker Bot with your own test cases.
When to Use Custom Payloads
- Testing application-specific vulnerabilities
- Targeting custom input validation logic
- Testing for known CVEs in your dependencies
- Industry-specific attack patterns
- Re-testing previously found issues
Payload Format
Define custom payloads in YAML or JSON:

```yaml
payloads:
  - name: "Custom SQLi Payload"
    type: sqli
    value: "admin'--"
    detection:
      type: error_based
      patterns:
        - "SQL syntax error"
        - "mysql_fetch"
  - name: "NoSQL Injection"
    type: nosqli
    value: '{"$gt": ""}'
    content_type: application/json
    detection:
      type: differential
  - name: "Custom Header Injection"
    type: header_injection
    headers:
      X-Custom: "test\r\nX-Injected: true"
    detection:
      type: response_header
      header: "X-Injected"
```

Adding to Scans
Include custom payloads in your scan configuration:

```json
{
  "target": "https://example.com",
  "profile": "standard",
  "custom_payloads": {
    "file": "./payloads/custom.yaml",
    "append": true
  }
}
```

`append: true` adds the custom payloads to the default payload set. Set it to `false` to replace the defaults entirely.
Detection Methods
| Type | Description |
|---|---|
| error_based | Look for error patterns in response |
| differential | Compare responses between payloads |
| time_based | Measure response time differences |
| response_header | Check for specific response headers |
| callback | Wait for out-of-band callback |
Variables & Encoding
Use variables and encoding in payloads:

```yaml
payloads:
  - name: "SSRF with callback"
    type: ssrf
    value: "https://{{CALLBACK_HOST}}/ssrf-test"
  - name: "Encoded XSS"
    type: xss
    value: "<script>alert(1)</script>"
    encoding:
      - url
      - html
  - name: "With random token"
    type: custom
    value: "test-{{RANDOM_HEX_8}}"
```
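The following is an added example, not Hacker Bot's own code, showing how a loader for the payload format described in the Payload Format, Adding to Scans, Detection Methods and Variables & Encoding sections above might validate a file before a scan uses it. It reads the JSON form of the file (the page says YAML and JSON are both accepted; the Python standard library has no YAML parser), checks each entry against the detection types in the table, substitutes `{{...}}` variables, applies the `encoding` chain in the order listed, and honours `append`. The sample file is constructed from the page's own entries. The exact semantics of `RANDOM_HEX_<n>`, of the `url` and `html` encoders, and of merging with `append: true` (plain concatenation) are assumptions made for illustration.

```python
import html
import json
import re
import secrets
from urllib.parse import quote

# Detection methods from the Detection Methods table.
DETECTION_TYPES = {"error_based", "differential", "time_based", "response_header", "callback"}

# Encoding steps are applied in the order listed under `encoding:`.
# Assumption: "url" percent-encodes everything except unreserved characters,
# "html" escapes &, <, >, " and '.
ENCODERS = {
    "url": lambda s: quote(s, safe=""),
    "html": lambda s: html.escape(s, quote=True),
}

VAR_RE = re.compile(r"\{\{([A-Z0-9_]+)\}\}")

# Constructed sample payload file (JSON form of the YAML examples on this page).
CUSTOM_PAYLOADS_JSON = json.dumps({"payloads": [
    {"name": "Custom SQLi Payload", "type": "sqli", "value": "admin'--",
     "detection": {"type": "error_based", "patterns": ["SQL syntax error", "mysql_fetch"]}},
    {"name": "Custom Header Injection", "type": "header_injection",
     "headers": {"X-Custom": "test\r\nX-Injected: true"},
     "detection": {"type": "response_header", "header": "X-Injected"}},
    {"name": "SSRF with callback", "type": "ssrf",
     "value": "https://{{CALLBACK_HOST}}/ssrf-test", "detection": {"type": "callback"}},
    {"name": "Encoded XSS", "type": "xss", "value": "<script>alert(1)</script>",
     "encoding": ["url", "html"]},
    {"name": "With random token", "type": "custom", "value": "test-{{RANDOM_HEX_8}}"},
]})


def resolve_variables(text, env, rng=secrets.token_hex):
    """Replace {{NAME}} placeholders. RANDOM_HEX_<n> yields n hex characters
    (assumed semantics); any other name must be present in env."""
    def sub(m):
        name = m.group(1)
        if name.startswith("RANDOM_HEX_"):
            n = int(name[len("RANDOM_HEX_"):])
            return rng((n + 1) // 2)[:n]
        if name not in env:
            raise ValueError(f"unresolved variable {{{{{name}}}}}")
        return env[name]
    return VAR_RE.sub(sub, text)


def encode_value(value, encodings):
    """Apply each named encoder in turn, left to right."""
    for enc in encodings:
        if enc not in ENCODERS:
            raise ValueError(f"unknown encoding {enc!r}")
        value = ENCODERS[enc](value)
    return value


def validate_payload(p):
    """Return a list of problems with one payload entry (empty if well-formed)."""
    problems = []
    for key in ("name", "type"):
        if not isinstance(p.get(key), str) or not p[key]:
            problems.append(f"missing or empty {key!r}")
    if ("value" in p) == ("headers" in p):
        problems.append("exactly one of 'value' or 'headers' is required")
    if "headers" in p and not isinstance(p["headers"], dict):
        problems.append("'headers' must be a mapping")
    for enc in p.get("encoding", []):
        if enc not in ENCODERS:
            problems.append(f"unknown encoding {enc!r}")
    det = p.get("detection")
    if det is not None:
        dtype = det.get("type")
        if dtype not in DETECTION_TYPES:
            problems.append(f"unknown detection type {dtype!r}")
        if dtype == "error_based" and not det.get("patterns"):
            problems.append("error_based detection needs non-empty 'patterns'")
        if dtype == "response_header" and not det.get("header"):
            problems.append("response_header detection needs 'header'")
    return problems


def load_payloads(text, env, defaults=(), append=True):
    """Parse, validate and resolve a payload file; merge with defaults per `append`."""
    entries = json.loads(text).get("payloads")
    if not isinstance(entries, list):
        raise ValueError("top-level 'payloads' must be a list")
    resolved = []
    for p in entries:
        problems = validate_payload(p)
        if problems:
            raise ValueError(f"{p.get('name', '<unnamed>')}: " + "; ".join(problems))
        q = dict(p)
        if "value" in q:
            q["value"] = encode_value(resolve_variables(q["value"], env), q.get("encoding", []))
        else:
            q["headers"] = {h: resolve_variables(v, env) for h, v in q["headers"].items()}
        resolved.append(q)
    return list(defaults) + resolved if append else resolved


if __name__ == "__main__":
    for entry in load_payloads(CUSTOM_PAYLOADS_JSON, {"CALLBACK_HOST": "callback.invalid"}):
        print(entry["name"], "->", entry.get("value") or entry.get("headers"))
```

Validation runs before any substitution, so a typo in a detection type or an encoder name is reported against the entry's `name` rather than surfacing later as a silently skipped check; the `{{CALLBACK_HOST}}` value is supplied by the caller, never hard-coded in the file.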
Payload Library
Access community-contributed payloads:
- Browse at Settings → Payload Library
- Import tested payloads from the community
- Share your payloads (optional)
- Rate and review effectiveness