Take a look at this repo for more examples.
Send a request to each URL with /_debugbar/open?max=20&offset=0 appended and look for the string {"id":" in the response to confirm success.
Send a request to each URL with /{{.jira}}plugins/servlet/gadgets/makeRequest?url=https://127.0.0.1:443@{{.ssrf}} appended, where {{.jira}} and {{.ssrf}} are taken from variables.
Simulate a directory brute force with the content of /tmp/sensitive_paths.txt. Confirm the path exists if Secret is in the response or the word Not Found isn't in the response and the length difference between the request and the original is > 1000.
Repeat the request received from the API, replace the query value with the payload, and look for an error in the response.
Repeat exactly the request received from the API, change its Content-Type, and look for a change in status code and response length to confirm that the Content-Type can be used in the application.
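The first three checks above leave recognisable traces in a web server's access log. The following is an added example, not code from this page or the scanner it describes: a small detector that flags the debugbar request, the makeRequest request whose url parameter carries a user@host authority, and a burst of 404 responses from one client. The log format, the sample lines, the label names and the threshold are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Combined-log-format prefix: client IP, request target, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /_debugbar/open?max=20&offset=0 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /jira/plugins/servlet/gadgets/makeRequest?url=https://127.0.0.1:443@example.invalid HTTP/1.1" 200 312
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 1024
192.0.2.10 - - [10/Oct/2023:13:56:01 +0000] "GET /probe-1 HTTP/1.1" 404 153
192.0.2.10 - - [10/Oct/2023:13:56:01 +0000] "GET /probe-2 HTTP/1.1" 404 153
192.0.2.10 - - [10/Oct/2023:13:56:02 +0000] "GET /probe-3 HTTP/1.1" 404 153
198.51.100.4 - - [10/Oct/2023:13:56:05 +0000] "GET /missing.png HTTP/1.1" 404 153
"""

def classify(target):
    """Return a label (hypothetical names) if the target matches a fixed probe."""
    parts = urlsplit(target)
    if parts.path.endswith("/_debugbar/open"):
        return "debugbar-open"
    if parts.path.endswith("/plugins/servlet/gadgets/makeRequest"):
        for url in parse_qs(parts.query).get("url", []):
            # In user:pass@host form the host actually contacted follows the '@'.
            if urlsplit(url).username is not None:
                return "jira-makerequest-userinfo"
    return None

def scan(log, not_found_threshold=3):
    """Return (client, label, detail) findings; detail is a status or a 404 count."""
    findings, misses = [], Counter()
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, target, status = m.groups()
        label = classify(target)
        if label:
            findings.append((ip, label, int(status)))
        elif status == "404":
            misses[ip] += 1
    for ip, count in misses.items():
        if count >= not_found_threshold:
            findings.append((ip, "path-bruteforce", count))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on either fixed probe is the case to triage first, since it means the endpoint answered rather than being blocked or absent.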