SkillAgentSearch skills...

WcDetect

web cache deception detect

GenerateConvertImprove

Install / Use

/learn @c0dejump/WcDetect
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

wcDetect

web cache deception detect

<p align="center"> <img src="./static/wcdetect_logo.png" alt="Logo" width="320"> </p> <div align="center"> <img src="https://img.shields.io/github/v/release/c0dejump/wcDetect" alt="release version"> <img alt="Python3.7" src="https://img.shields.io/badge/Python-3.7+-informational"> </div>

Installation

Follow these steps to install wcDetect:

  1. Clone the repository to your local machine:

    git clone https://github.com/c0dejump/wcDetect.git

  2. Change Directory

    cd wcDetect

  3. Install the required dependencies:

    pip install -r requirements.txt

  4. Ensure wcDetect is running correctly:

    ./wcdetect.py -h
   # OR
python3 wcdetect.py -h

Usage

usage: wcdetect.py [-h] [-u URL] [-f URL_FILE] [-H CUSTOM_HEADERS] [-p KNOWN_PATH] [-k KEYWORD] [-hu HUMAN]
                   [-ua UA_FORCE]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL to test [required]
  -f URL_FILE, --file URL_FILE
                        File of URLs
  -H CUSTOM_HEADERS, --header CUSTOM_HEADERS
                        Add a custom HTTP Header
  -p KNOWN_PATH, --path KNOWN_PATH
                        If you know the path, Ex: -p my-account
  -k KEYWORD, --keyword KEYWORD
                        If a keyword must be present in the poisoned response, Ex: -k codejump
  -hu HUMAN, --human HUMAN
                        Performs a timesleep to reproduce human behavior (Default: 0s) value: 'r' or 'random'
  -ua UA_FORCE, --ua UA_FORCE
                        If need a specific user-agent (Default: random)

Arguments

# With multiple headers
» ./wcdetect.py -u https://0a4f00ae0447a9ce801a03a500ea0097.web-security-academy.net/ -H "Cookie: session=OocpsiwqB6XOUkBkBDuqEHUb2BxYEvbC" -H "x-forwarded-host: toto"

# With specific keyword and path
» ./wcdetect.py -u https://0a4f00ae0447a9ce801a03a500ea0097.web-security-academy.net/ -H "Cookie: session=OocpsiwqB6XOUkBkBDuqEHUb2BxYEvbC" -p my-account -k wiener

Examples

example 1

Features

  • Path traversal confusion
  • WCD Formatting (?format, ?query...)
  • WCD tracking param (?utm_source...)
  • Testing multiple payloads and extensions (modules/payloads.py)

Informations

If you want to test the script:

  • https://portswigger.net/web-security/web-cache-deception

To retrieve the session cookie quickly and easily:

  • https://cookie-editor.com/
  • https://addons.mozilla.org/fr/firefox/addon/get_cookies/

If you want to add payloads or other items

  • modules/payloads.py

Related Skills

node-connect

347.2k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

frontend-design

108.0k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

openai-whisper-api

347.2k

Transcribe audio via OpenAI Audio Transcriptions API (Whisper).

qqbot-media

347.2k

QQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。

c0dejump

View profile

View on GitHub
GitHub Stars41
CategoryDevelopment
Updated12d ago
Forks4
c0dejump/wcDetect

Languages

Python

Security Score

75/100

Audited on Mar 22, 2026

No findings