Host Header Overview

• What is the Host Header?
  • The Host header in an HTTP request identifies the domain name requested by the client.
• What are Host Header Attacks?
  • These vulnerabilities allow attackers to manipulate the Host header, potentially altering server behavior through malicious payloads.

Impact of Host Header Attacks

• Exploits may include:
  • SSRF through routing manipulation
  • Authentication bypass
  • Web cache poisoning

Mitigating Host Header Attacks

• Implement Host header validation
• Whitelist permitted domains
• Disable Host header overrides

Host Headers checklist

• [ ] change host header value and check response

• [ ] change host : vulnerable-domain ⇒ host : attacker_sub_domain.vulnerable-domain and check response

• [ ] Test duplicated host header and check response

         host : **vulnerable-domain**