
HTTP host header attack

Nirvana EL edited this page Apr 2, 2023 · 1 revision

HTTP host header attacks are a type of web application attack that involves manipulating the Host header in HTTP requests to exploit vulnerabilities in web applications. The Host header is used to specify the domain name of the server that a client is attempting to communicate with. In a typical HTTP request, the Host header is sent as part of the request headers.

The following are some of the different types of HTTP host header attacks:

Cache poisoning:

This attack involves manipulating the Host header in order to poison the cache of a web application. An attacker can send a request to a proxy server with a malicious Host header, causing the proxy to cache the response from a malicious server instead of the intended server. This can result in users being served malicious content from the cache. Example: An attacker can send a request to a proxy server with the Host header set to a domain name they control. The proxy server will then cache the response from the attacker's server, allowing the attacker to serve malicious content to users who visit the cached page.

Cross-site scripting (XSS):

This attack involves manipulating the Host header to inject malicious JavaScript into a web page. The attacker can set the Host header to a domain they control, and then use JavaScript to steal sensitive information from the victim's browser. Example: An attacker can send a request to a vulnerable web application with the Host header set to a domain they control. The application may then include the value of the Host header in a JavaScript block on the page, allowing the attacker to execute arbitrary code in the victim's browser.

Server-side request forgery (SSRF):

This attack involves manipulating the Host header to force a web application to make requests to internal or external systems that the attacker controls. The attacker can set the Host header to a domain name they control, and then trick the application into making requests to a server they control. Example: An attacker can send a request to a vulnerable web application with the Host header set to an internal IP address. The application may then make requests to the internal system specified in the Host header, allowing the attacker to bypass firewalls and access sensitive information.

Domain hijacking:

This attack involves manipulating the Host header to hijack a domain name. The attacker can set the Host header to a domain name they do not control, and then use this to trick users into visiting a phishing site or downloading malware. Example: An attacker can send a request to a vulnerable web application with the Host header set to a domain name they want to hijack. The application may then include links to the hijacked domain on the page, tricking users into visiting the attacker's site.

Cheat sheet for HTTP host header attacks:

Attack Type: Cache Poisoning

Description: Manipulating the Host header to poison the cache of a web application. Example: Attacker sets the Host header to a domain name they control, causing the proxy to cache the response from a malicious server.

Attack Type: Cross-site Scripting (XSS)

Description: Manipulating the Host header to inject malicious JavaScript into a web page. Example: Attacker sets the Host header to a domain they control, then uses JavaScript to steal sensitive information from the victim's browser.

Attack Type: Server-side Request Forgery (SSRF)

Description: Manipulating the Host header to force a web application to make requests to internal or external systems that the attacker controls. Example: Attacker sets the Host header to an internal IP address, allowing them to bypass firewalls and access sensitive information.

Attack Type: Domain Hijacking

Description: Manipulating the Host header to hijack a domain name. Example: Attacker sets the Host header to a domain name they do not control, tricking users into visiting a phishing site or downloading malware.

Prevention Measures:

  • Validate and sanitize all input
  • Implement input filtering and data validation checks
  • Use a Content Security Policy (CSP) to limit the sources of JavaScript and other executable code
  • Implement SSL/TLS encryption to prevent interception and modification of requests and responses
  • Monitor server logs and detect anomalies in Host header values
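
One way to apply the input validation and log monitoring measures above to the Host header itself, as an added example that is not part of the original page: the allowlist, the canonical origin, the function names and the sample requests are all assumptions made up for illustration.

```python
import re

# Assumed deployment values (hypothetical, not from the page).
ALLOWED_HOSTS = {"www.example.com", "example.com"}
CANONICAL_ORIGIN = "https://www.example.com"

# hostname made of letters, digits, dots and hyphens, with an optional port
HOST_RE = re.compile(r"([a-z0-9.-]{1,253})(?::(\d{1,5}))?")


def check_host(headers):
    """Validate the Host header of one request.

    headers is a list of (name, value) pairs. Returns (True, hostname) when
    the request may proceed, or (False, reason) when it should get a 400.
    """
    hosts = [value for name, value in headers if name.lower() == "host"]
    if len(hosts) != 1:
        return False, "missing or repeated Host header"
    match = HOST_RE.fullmatch(hosts[0].strip().lower())
    if match is None:
        return False, "malformed Host value"
    if match.group(1) not in ALLOWED_HOSTS:
        return False, "Host not in allowlist"
    return True, match.group(1)


def absolute_url(path):
    """Build links from configuration, never from the request's Host value."""
    return CANONICAL_ORIGIN + "/" + path.lstrip("/")


def rejected_hosts(requests):
    """Return (client, reason, raw Host values) for each request that fails
    the check, ready to be written to a log that is watched for anomalies."""
    findings = []
    for client, headers in requests:
        ok, detail = check_host(headers)
        if not ok:
            raw = [v for n, v in headers if n.lower() == "host"]
            findings.append((client, detail, raw))
    return findings


# Constructed sample requests (documentation addresses and names only).
SAMPLE = [
    ("198.51.100.7", [("Host", "www.example.com"), ("Accept", "*/*")]),
    ("198.51.100.9", [("Host", "other.example.net")]),
    ("198.51.100.9", [("Host", "10.0.0.5:8080")]),
    ("203.0.113.4", [("Accept", "*/*")]),
]
```

Because absolute_url() takes the origin from configuration, a Host value that slips past any other layer still cannot end up in generated links or in a cached page.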

Note: This cheat sheet is not comprehensive and is intended as a quick reference guide only. It is important to stay up-to-date with the latest attack techniques and prevention measures to ensure the security of your web applications.
