By | December 30, 2020

In this article, we are telling you about Host Header Injection Attack. You must have heard about HTTP Host Header attack or Host Header Injection Attack.

Here we are telling you practically about Host Header Injection Attack, here we are telling you live on the website how Host Header Injection Attack works.

Here we cannot tell you the website, but everything will be told to you, as well as you are being told by solving the lab on the website of portswigger, all of this is being told to you for educational purpose.

Note- This article is only for educational purpose. Don’t miss use your knowledge and skills.

Host Header Injection Attack

Before going into practical about Host Header Injection attack, you should know what is Host Header Injection attack, let us tell you about it in detail.

Here if you are able to redirect to another domain through a domain, in such a way you can say that it is Host Header Injection attack.

Host Header Injection

For example, if you have a domain freelearningtech, you have captured the request of this domain through the burp suite. If you are changing the host and redirecting it to another domain, it is called Host Header Injection attack.

How to Use Burp Suite

Here we are telling you by solving this attack lab as well as we are also telling you live how hackers find Host Header Injection attack bug in a website, it is all being told to you for educational purpose.

There is not a way to attack Host Header Injection here, but if you are able to solve all the labs of portswigger, then you will know about different methods of finding this bug.

Also Read

What is oauth 2.0 authentication vulnerability

How to do os command injection attack

What is web cache poisoning vulnerability

Example of Host Header Injection Attack ?

Let us now show you the Host Header Injection attack practically, here first you have to run the burp suite normally as you have been told in all the earlier articles.

https://portswigger.net/web-security/host-header/exploiting/lab-host-header-authentication-bypass

Host Header Injection

After running the burp suite, you can solve the host Header Injection attack lab by bypassing the admin panel here and deleting the carlos account, this lab is solved, here you have to access the lab.

Host Header Injection

As you can see in the image, after accessing the lab, you get a get request in the burp suite’s http history, you get a show in the burp suite.

Host Header Injection

Here you have to send this request to the repeater, after this you have to change the host, here you get the lab address in the host like we have given google.com here, you also have to do something similar.

Here you can see the response, you get the same response even after changing the host, in the same way if you get on a live website, you can understand that you have found the Host Header Injection attack bug.

Host Header Injection

After all this you robot.txt file has to be accessed here, you have been told earlier about the robot.txt you get the information which pages have been allowed and disallow.

As you can see in the image, from here we have got the url of the admin page, here you have to access the admin page through the url, here you get an error like this.

Host Header Injection

After doing all this you get admin url in burp suite as you can see in image here you have to send this get admin request to repeater

Host Header Injection

After sending repeater, you have to change the host like we previously did in the host google.com was given here, you have to give localhost, after this, you have to send the request as you can see in the image.

Host Header Injection

Here you get a carlos account, in response you can see by searching by searching as well as you can also check by rendering here, you will have got access to admin panel and you will also be showing users account.

What is username enumeration vulnerability

After doing all this, you have to send the request to delete the carlos user through the get request as you can see in the image here only your lab will be solved by deleting the carlos user.

After doing all this, you will be able to see a message show of congratulations, here we want to clear you one thing, if you have followed all our articles, in such a way you will be able to solve labs without any help.

In this way, when you do Host Header Injection attack on some kind of live website, you get redirected as you can see in the image, here we have used a website which has Host Header Injection attack bug.

In such a situation, we have forwarded the request here on bing.com, in such a way you can see that due to the Host Header Injection attack bug in the website, we left here. Can easily redirect to bing.com

In the same way we have done it here in the url via wp -admin. If the Host Header Injection attack bug does not happen in the targeted website, you cannot redirect to another domain through such burp suite.

What are dom based vulnerabilities

Here we have found wp -admin through scanning, how we have found it and how we have found out that this url can be redirected here, you cannot be told you can understand that there are some limitations here

As you can see in the image here, when we google.com. You have tried Host Header Injection attack in such a way that we are not able to redirect to any other domain in some way, you can check it by yourself.

The Conclusion

I hope that now you can understand about the Host Header Injection attack. We have told you about it live here as well as you have also been told by lab solve here.

It is not that here you get only this much in this attack, it is not possible to tell you live here, so in this way we have tried to tell you about different types of bugs by solving labs here.

Here you get more labs of Host Header Injection attack, which you can try to solve by yourself, if you have any kind of problem in solving labs, you can ask in the comments.

If you have any kind of question related to ethical hacking, in such a way, you can ask us in a comment, we will help you completely, if you like this article of ours, then definitely share it.

Subscribe to our blog for latest updates

Sharing is Caring

Thankyou

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *