Host Header Attack : Cache Poisoning

Please refer to the previous Host Header Attack post before reading this one.

Steps to perform Cache Poisoning Attack:

  1. Find a URL in Burp Suite that returns a 2xx or 3xx status code.

  2. After intercepting the website, send it to Intruder and change the host to any website (Eg:

  3. Click Go and search the response for the website you entered (Eg: here bing).

  4. If it is found, right-click where you changed the host name and click on "show response in browser".

  5. Try every clickable item on the webpage. If any of them redirects to the website you entered in the host field, then there is a vulnerability.
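The check in steps 3 to 5 can also be run offline against a saved response from your own application. The following is an added example, not part of the original post: it lists every redirect header and clickable or loadable URL that points at the host value you sent, and ignores plain-text mentions. The host `test-host.example`, the sample response, and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}


class _LinkCollector(HTMLParser):
    """Collects (tag, attribute, value) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append((tag, name, value))


def _points_at(url, host):
    try:
        # hostname is lower-cased by urlsplit and excludes any port.
        return (urlsplit(url).hostname or "") == host.lower()
    except ValueError:  # malformed URL, e.g. an unterminated IPv6 literal
        return False


def find_host_reflections(test_host, headers, body):
    """Return the places where a response builds URLs from test_host."""
    findings = []
    for name, value in headers.items():
        if name.lower() == "location" and _points_at(value, test_host):
            findings.append(f"header {name}: {value}")
    collector = _LinkCollector()
    collector.feed(body)
    for tag, attr, value in collector.links:
        if _points_at(value, test_host):
            findings.append(f"<{tag} {attr}>: {value}")
    return findings


# Constructed sample: a response saved after sending "Host: test-host.example".
SAMPLE_HEADERS = {"Content-Type": "text/html"}
SAMPLE_BODY = """<html><head><link rel="stylesheet" href="http://test-host.example/site.css"></head>
<body><a href="http://test-host.example/login">Login</a> <a href="/about">About</a>
<p>Contact: test-host.example</p></body></html>"""

if __name__ == "__main__":
    print("\n".join(find_host_reflections("test-host.example", SAMPLE_HEADERS, SAMPLE_BODY)))
```

An empty result means the host value appears, at most, as text; any entry is a link, resource, or redirect that the application built from the Host header.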
