Host Header Attack: Open Redirection

  • This test applies when the URL responds with a 2xx or 3xx status code (where xx stands for any two digits).
  • Spider the website you are testing.
  • After checking the status code, send that request to Repeater.
  • In Repeater, change the “Host” header to any other website (e.g. google.com).
  • Click Go and render the response; if the site redirects to google.com, it is vulnerable to Host header injection.
  • Change the “Host” header to any other website (e.g. google.com).
  • Set “X-Forwarded-Host” to the original website.
  • Click Go and render the response; if the site redirects to google.com, it is vulnerable to Host header injection.
  • Set “X-Forwarded-Host” to any other website (e.g. google.com).
  • Set the “Host” header back to the original website.
  • Click Go and render the response; if the site redirects to google.com, it is vulnerable to Host header injection.
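To see why the three Repeater variants above expose the flaw, here is an added example (not code from the original post) that models a redirect handler building its Location URL from request headers, beside a hardened version that only accepts allow-listed hosts; the hostnames, header sets and the assumption that X-Forwarded-Host takes precedence over Host are constructed for illustration.

```python
"""Added example (not from the original post): a redirect built from request
headers becomes an open redirect; the hardened form validates the host.
The hostnames and request headers below are constructed for illustration."""
from urllib.parse import urlsplit

# Hosts the application legitimately serves; anything else is rejected.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
CANONICAL_HOST = "www.example.com"


def effective_host(headers: dict) -> str:
    """Assumed framework behaviour: prefer X-Forwarded-Host over Host."""
    return headers.get("X-Forwarded-Host") or headers.get("Host", "")


def vulnerable_redirect(headers: dict, path: str) -> str:
    """Vulnerable: the Location URL is built from attacker-controlled headers."""
    return f"https://{effective_host(headers)}{path}"


def hardened_redirect(headers: dict, path: str) -> str:
    """Hardened: only an allow-listed host is used; otherwise fall back
    to the canonical host (port suffix stripped before the check)."""
    host = effective_host(headers).split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    return f"https://{host}{path}"


def redirects_offsite(location: str) -> bool:
    """Detection helper: does the Location header point outside our hosts?"""
    return urlsplit(location).hostname not in ALLOWED_HOSTS


# The three Repeater variants from the post, as constructed header sets.
TEST_CASES = {
    "host_only": {"Host": "google.com"},
    "xfh_original": {"Host": "google.com", "X-Forwarded-Host": "www.example.com"},
    "xfh_injected": {"Host": "www.example.com", "X-Forwarded-Host": "google.com"},
}


def run_checks(build) -> dict:
    """Return {variant: True if the redirect leaves the site} for a builder."""
    return {name: redirects_offsite(build(h, "/login")) for name, h in TEST_CASES.items()}


if __name__ == "__main__":
    print("vulnerable:", run_checks(vulnerable_redirect))
    print("hardened:  ", run_checks(hardened_redirect))
```

Under the assumed precedence only variants 1 and 3 flag the vulnerable handler, which is exactly why the post tries all three header combinations; the hardened handler never redirects off-site.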

Parth Shukla, Security Analyst, Bug XS Community Leader