Host Header Attack: Open Redirection

Steps to find a Host Header Attack vulnerability

  • This attack is possible if the URL returns a 2xx or 3xx status code (where xx represents any number).

  • Spider the website you are planning to attack.

  • After checking the status code, send the request for that particular website to Repeater.

METHOD 1

  • In Repeater, change the "Host" header to any website (e.g. google.com).

  • Click Go and render the output; if the website is redirected to google.com, then there is a host header vulnerability.

METHOD 2

  • Change the "Host" header to any website (e.g. google.com).

  • Set "X-Forwarded-Host: (original website)".

  • Click Go and render the output; if the website is redirected to google.com, then there is a host header vulnerability.


METHOD 3

  • Set "X-Forwarded-Host: (any website)".

  • Set the "Host" header to the original website.

  • Click Go and render the output; if the website is redirected to google.com, then there is a host header vulnerability.
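
The server-side fix for what all three methods detect, as an added example that is not part of the original post: the redirect target comes from configuration, and the request's host values are checked against an allowlist. The hostname shop.example, the /login path and every function name are assumptions made for illustration.

```python
import re

ALLOWED_HOSTS = {"shop.example"}   # assumption: the site's only legitimate name
CANONICAL_HOST = "shop.example"
HOST_RE = re.compile(r"([a-z0-9.-]+?)\.?(?::\d{1,5})?")

# Constructed header sets mirroring Methods 1-3 on this page.
METHODS = {
    1: {"Host": "google.com"},
    2: {"Host": "google.com", "X-Forwarded-Host": "shop.example"},
    3: {"Host": "shop.example", "X-Forwarded-Host": "google.com"},
}


def vulnerable_location(headers, path="/login"):
    """Flawed pattern: the redirect target is built from request headers."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}{path}"


def normalise(value):
    """Lower-case, drop port and trailing dot; None if not a plain hostname."""
    m = HOST_RE.fullmatch((value or "").lower())
    return m.group(1) if m else None


def hardened_redirect(headers, path="/login", trust_proxy=False):
    """Return (status, location); unknown hosts are rejected, never echoed."""
    names = [headers.get("Host")]
    # Only read X-Forwarded-Host behind a proxy that is known to overwrite it.
    if trust_proxy and "X-Forwarded-Host" in headers:
        names.append(headers["X-Forwarded-Host"])
    if any(normalise(n) not in ALLOWED_HOSTS for n in names):
        return 400, None
    # The Location always uses the configured name, not a header value.
    return 302, f"https://{CANONICAL_HOST}{path}"


if __name__ == "__main__":
    for n, hdrs in METHODS.items():
        print(n, vulnerable_location(hdrs), hardened_redirect(hdrs),
              hardened_redirect(hdrs, trust_proxy=True))
```

The flawed builder prefers X-Forwarded-Host, so it shows up under Methods 1 and 3; an application that reads only Host would show up under Methods 1 and 2 instead.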



©2020 by Parth Shukla