Host Header

Common headers used in Host header injection attacks:

  1. Host:

  2. X-Host:

  3. X-Forwarded-For:

  4. X-Forwarded-Host:

  5. X-Forwarded-Server:

  6. Forwarded:

  7. X-HTTP-Host-Override:

  8. X-Forwarded-Proto:

Typical Host Header Injection Bypass:

  POST /endpoint/ HTTP/1.1
  Host: http://evil.com

  Response: 403, 404

Bypass:

  POST /https://endpoint/ HTTP/1.1
  Host: http://evil.com

  Response: 200, 302

Give it a try!!
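On the defensive side, the check that makes both requests above fail the same way is a Host allowlist applied before routing, combined with dropping the override headers listed on this page unless a trusted proxy set them. This is an added example, not part of the original notes; `ALLOWED_HOSTS`, `check_request` and `from_trusted_proxy` are hypothetical names, and rejecting any path that embeds `://` is an assumed policy choice.

```python
from urllib.parse import urlsplit

# Assumed deployment value (hypothetical): the authorities this app serves.
ALLOWED_HOSTS = {"app.example.com", "app.example.com:443"}

# Override headers listed on this page; dropped unless a trusted proxy set them.
OVERRIDE_HEADERS = {
    "x-host", "x-forwarded-for", "x-forwarded-host", "x-forwarded-server",
    "forwarded", "x-http-host-override", "x-forwarded-proto",
}


def check_request(target, headers, from_trusted_proxy=False):
    """Return (allowed, reason, sanitized_headers) for one request.

    target  -- request-target from the request line, e.g. "/endpoint/"
    headers -- dict of header name -> value as received
    """
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}

    # Host must be exactly an allowed authority: no scheme, path or userinfo.
    host = hdrs.get("host", "").lower()
    if host not in ALLOWED_HOSTS:
        return False, "host not allowed", {}

    # An absolute-form target must name an allowed authority as well.
    parts = urlsplit(target)
    if parts.scheme and parts.netloc.lower() not in ALLOWED_HOSTS:
        return False, "absolute target not allowed", {}

    # Assumed policy: a path that embeds a URL ("/https://endpoint/") is
    # rejected outright, so path-based routing quirks never reach the app.
    if "://" in parts.path:
        return False, "URL embedded in path", {}

    # Never let client-supplied override headers influence generated links.
    if not from_trusted_proxy:
        hdrs = {k: v for k, v in hdrs.items() if k not in OVERRIDE_HEADERS}
    return True, "ok", hdrs
```

The decision depends on the `Host` value and the target independently, so changing the path cannot turn a rejected host into an accepted one.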
