some small fixes

Web_Exploits/README.md

@@ -2,26 +2,36 @@
 
 ## OS Command Injection
 
+---
+
 ## SQLi
 
 - Brute force password
 - Timed SQLi
 - Cookie force brute
 
+
+--- 
 ## PHP Shells
 
 - php primer
 - xor
 - exploits
 
+----
+
 ## Scanners
 
 - heartbleed
 
+
+-----
 ## User ID
 - cookie auth
 - user id
 
+----
+
 ## Other Resources
 
 #### When we have a Website/IP Address:
@@ -39,14 +49,58 @@
 - Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax).
 
 
+-----
+
+## URLs
+
+#### Octal
+
+- Example: http://017700000001 --> 127.0.0.1
+
+- For example 206.191.158.50:
+
+((206 * 256 + 191) * 256 + 158 ) * 256 + 50 = 3468664370.
+
+Now, there is a further step that can make this address even more obscure. You can add to this dword number, any multiple of the quantity 4294967296 (2564) 
 
 
-#### Tools
+#### Great @
+
+-Everything between "http://" and "@" is completely irrelevant
+
+```
+http://doesn'tmatter@www.google.org
+http://!$^&*()_+`-={}|[]:;@www.google.com
+```
+
+- @ symbol can be represented by its hex code %40 
+- dots are %2e
+
+
+
+----
+
+## HTTP
+
+The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers):
+- User-Agent: browser version information
+- Host: URL hostanme
+- Accept: supported MIME documents( such as text/plain or audio/MPEG)
+- Accept-Language: supported language codes
+- Referer: originating page for the request
+
+
+
+-----
+## Tools
 
 - [Burp Suite]
 - [FireBug] in Firefox
 
 
+
+
+
 -----------------
 [FireBug]: http://getfirebug.com/
 [Burp Suite]: http://portswigger.net/burp/