Steps to test for a Host Header Attack vulnerability
This attack is only possible when the URL returns a 2xx or 3xx status code (where xx represents any number).
Spider the website you are planning to attack.
After checking the status code, send that request to Repeater.
METHOD 1
In Repeater, change the "Host" header to any other website (e.g. google.com).
Click Go and render the output; if the response redirects to google.com, the site has a host header vulnerability.
METHOD 2
Change the "Host" header to any other website (e.g. google.com).
Set "X-Forwarded-Host: <original website>".
Click Go and render the output; if the response redirects to google.com, the site has a host header vulnerability.
METHOD 3
Set "X-Forwarded-Host: <any website>" (e.g. google.com).
Set the "Host" header to the original website.
Click Go and render the output; if the response redirects to google.com (the host you injected), the site has a host header vulnerability.
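All three checks above hinge on the same server-side flaw: the application builds absolute URLs (redirects, reset links, canonical links) from a Host or X-Forwarded-Host value the client controls. The following is an added example, not code from the original post, showing the fix a defender applies and exercising it against each of the three request shapes. It assumes a constructed allowlist of hostnames (example.com, www.example.com) and a single constructed trusted proxy address (10.0.0.5); google.com is used only because the post uses it as the injected value.

```python
"""Allowlist-based Host header validation (added example, not from the original post).

The application never derives its public hostname from request headers.
X-Forwarded-Host is honoured only when the request arrived from our own
reverse proxy; every candidate is then checked against a fixed allowlist.
"""
from typing import Mapping, Optional

# Constructed allowlist: the hostnames this application is actually served as.
ALLOWED_HOSTS = frozenset({"example.com", "www.example.com"})

# Constructed: the one reverse proxy permitted to set X-Forwarded-Host.
TRUSTED_PROXY_IP = "10.0.0.5"


def _strip_port(host: str) -> str:
    """Return the lower-cased hostname part of a Host value, dropping an explicit :port."""
    host = host.strip().lower()
    # IPv6 literals look like [::1]:8080; keep the bracketed part intact.
    if host.startswith("["):
        end = host.find("]")
        return host[: end + 1] if end != -1 else host
    return host.split(":", 1)[0]


def canonical_host(headers: Mapping[str, str], client_ip: str) -> Optional[str]:
    """Decide which hostname the application may use for absolute URLs.

    headers   -- request headers (names compared case-insensitively)
    client_ip -- TCP peer address that delivered the request

    Returns the validated hostname, or None if the request must be rejected
    (respond 400; never fall back to a default host from the request).
    """
    lowered = {name.lower(): value for name, value in headers.items()}

    # X-Forwarded-Host only means something when our own proxy set it;
    # from any other peer it is just another client-controlled header.
    forwarded = lowered.get("x-forwarded-host")
    if forwarded is not None and client_ip == TRUSTED_PROXY_IP:
        candidate = forwarded
    else:
        candidate = lowered.get("host", "")

    name = _strip_port(candidate)
    return name if name in ALLOWED_HOSTS else None


def build_redirect(headers: Mapping[str, str], client_ip: str, path: str) -> Optional[str]:
    """Build an absolute redirect target, or None when the Host cannot be trusted."""
    host = canonical_host(headers, client_ip)
    if host is None:
        return None
    return f"https://{host}{path}"


if __name__ == "__main__":
    # Constructed requests mirroring the three Repeater checks, all from an
    # untrusted client address (203.0.113.9 is documentation space).
    attacker = "203.0.113.9"
    checks = {
        "method 1: Host replaced": {"Host": "google.com"},
        "method 2: Host replaced, X-Forwarded-Host original": {
            "Host": "google.com", "X-Forwarded-Host": "example.com"},
        "method 3: Host original, X-Forwarded-Host injected": {
            "Host": "example.com", "X-Forwarded-Host": "google.com"},
        "legitimate request": {"Host": "www.example.com:443"},
    }
    for label, hdrs in checks.items():
        print(f"{label:55} -> {build_redirect(hdrs, attacker, '/login')}")
```

With the allowlist in place, methods 1 and 2 are rejected outright (the injected Host is not an allowed name, and X-Forwarded-Host from a non-proxy peer is ignored), and method 3 simply resolves to the original host because the injected header carries no weight. Even if the trusted proxy forwards a client-supplied X-Forwarded-Host unchanged, the allowlist still refuses it, which is why the allowlist, not proxy trust, is the primary control.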