Uploaded by Sri Vasavi Dasoju

HTTP HEADER ATTACK

HTTP Host header attack
Srivasavi Dasoju
Srikavya Pittu
OBJECTIVES:
• What is an HTTP Host header attack?
• What is its impact?
• What are the mitigations?
• Example labs
HOST HEADER ATTACK:
• A Host header attack, also known as Host header injection, is a web attack where the attacker supplies a false Host header to the web application.
• For example, when a user visits https://portswigger.net/web-security, their browser will compose a request containing a Host header as follows:
GET /web-security HTTP/1.1
Host: portswigger.net
• In some cases, such as when the request has been forwarded by an intermediary system, the Host value may be altered before it reaches the intended back-end component.
IMPACT OF HOST HEADER ATTACK
• Web cache poisoning: an advanced technique whereby an attacker exploits the behavior of a web server and its cache so that a harmful HTTP response is served to other users.
• Cross-site scripting: the attacker aims to execute malicious scripts in the victim's web browser by including malicious code in a legitimate web page or web application.
• Password reset poisoning: the attacker can obtain a password reset token and reset another user's password.
• Bypassing authentication: an attacker gains access to an application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism.
• More…
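The password reset poisoning item above is the case where the impact is easiest to see in code: the application builds the reset link from whatever Host the client sent. The following added example (not part of the slides or of any lab they reference) shows that flawed pattern beside a hardened version that validates the Host header against an allowlist and then builds the link from a configured canonical host. The allowlist, the canonical host, the sample requests and the token value are all constructed for the demonstration.

```python
"""Host header handling: a vulnerable password-reset link builder beside a
hardened one. Sample requests below are constructed for this example."""
from typing import Optional
from urllib.parse import urlsplit

# Assumed configuration: hosts this application is legitimately served under.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
CANONICAL_HOST = "example.com"


def parse_request(raw: bytes) -> dict:
    """Minimal HTTP/1.1 request parser: method, path and lowercase header names."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first colon only, so ports survive
        # Duplicate headers are a classic ambiguity: keep the first value and
        # never merge them, so the value validated is the value used.
        headers.setdefault(name.strip().lower(), value.strip())
    return {"method": method, "path": path, "headers": headers}


def host_is_allowed(host_value: Optional[str]) -> bool:
    """Accept only an exact, case-insensitive allowlist match. An explicit port
    is tolerated, but userinfo, a path, query or fragment smuggled into the
    value (e.g. 'evil.example@example.com') is rejected outright."""
    if not host_value:
        return False
    try:
        parsed = urlsplit("//" + host_value)
        hostname = parsed.hostname
        parsed.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if hostname is None or parsed.username is not None:
        return False
    if parsed.path or parsed.query or parsed.fragment:
        return False
    return hostname.lower() in ALLOWED_HOSTS


def reset_link_vulnerable(request: dict, token: str) -> str:
    """The flawed pattern: trust whatever Host the client sent. An attacker who
    submits a reset for the victim with a forged Host gets the token delivered
    to a domain they control."""
    return f"https://{request['headers'].get('host')}/reset?token={token}"


def reset_link_hardened(request: dict, token: str) -> str:
    """Validate Host, then build the link from the configured canonical host so
    the emailed link can never point at a client-chosen domain. Override
    headers such as X-Forwarded-Host are deliberately not consulted."""
    if not host_is_allowed(request["headers"].get("host")):
        raise ValueError("untrusted Host header")
    return f"https://{CANONICAL_HOST}/reset?token={token}"


# Constructed sample requests: one with a forged Host, one legitimate.
FORGED = parse_request(b"POST /forgot HTTP/1.1\r\nHost: evil.example\r\n\r\nuser=victim")
LEGIT = parse_request(b"POST /forgot HTTP/1.1\r\nHost: www.example.com:443\r\n\r\nuser=victim")

if __name__ == "__main__":
    print("vulnerable:", reset_link_vulnerable(FORGED, "t0k3n"))
    print("hardened:  ", reset_link_hardened(LEGIT, "t0k3n"))
    try:
        reset_link_hardened(FORGED, "t0k3n")
    except ValueError as exc:
        print("hardened rejects forged request:", exc)
```

The design point worth noting is that validation alone is not the fix: even a validated Host can differ between several legitimate names, so the link is built from `CANONICAL_HOST` rather than echoed back. Real deployments should also make the reverse proxy or load balancer reject unknown Host values before the request reaches the application.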