Burp community forum

Host header injection

Garry | Last updated: Jul 12, 2019 12:27PM UTC

Hi , I am trying to create POC (Proof of Concept) for header injection vulnerability on a website. https://abcd/path1/path2 Steps tried: 1. Created a server and added folders folder. 2. Added folders under server location. 3. New structure looks like : eg. 192.168.x.x /abcd/path1/path2 4. Intercepted web request in Burp and changed original Host to 192.168.x.x 5. Forwarded and to got redirect response 6. On browser response is not served Error is shown as "Failed to connect 192.168.x.x Expected : 200 ok response, since webiste is vulnerable to header injection browser should display: https://192.168.x.x/abcd/path1/path2 Please help

Liam, PortSwigger Agent | Last updated: Jul 15, 2019 01:58PM UTC

Garry, why do you think the site is vulnerable to Host header injection. Have you tried using Burp Repeater?

You need to Log in to post a reply. Or register here, for free.