Host Header Attack : Open Redirection

Hello Folks 👋,

Parth, this side from BUG XS team. In this blog I am going to discuss about Host header attack for Open Redirection. This blog is for someone who has just started into bug bounty. If you have any queries , do reach us out here.

As a community we regularly post tips and tricks for bug bounty hunting on our Instagram and Linked in profiles. Do check it out. ❤

Steps to find out Host Header Attack vulnerability

  • This attack can be done if URL is having status code 2xx or 3xx.(where xx represent any number)
  • Spider website on which you are planning to attack.
  • After checking status code, send that particular website to Repeater.

METHOD 1

  • In repeater change “Host” to any website (Eg: google.com).
  • click go and render the output if the website is redirected to Google.com then there is host header vulnerability.

METHOD 2

  • Change “Host” to any website (Eg: google.com)
  • Set “X-Forwarded-Host:(Original website).
  • Click go and render the output if the website is redirected to Google.com then there is host header vulnerability.

METHOD 3

  • Set “X-Forwarded-Host:(any website).
  • Set “Host” to Original website
  • Click go and render the output if the website is redirected to Google.com then there is host header vulnerability.

Now to try more advance attack you can even lookout for IDN Homo-graphics Attacks or try to encode the payload.

If you read till here. Let’s Connect!

Instagram ( Community ) : https://www.instagram.com/bug_xs/

Website ( Community ) : https://www.bugxs.co/

Website (Personal ) : https://www.parthshu.com

I hope you found this productive! 🙌

See you soon guys ❤