Anthropic-Cybersecurity-Skills/skills/testing-for-host-header-injection/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

API Reference: Testing for Host Header Injection

Alternative Host Headers

| Header | Description |
|---|---|
| `X-Forwarded-Host` | Proxy-set original host |
| `X-Host` | Alternative host header |
| `X-Forwarded-Server` | Forwarded server name |
| `X-HTTP-Host-Override` | Host override |
| `Forwarded: host=` | RFC 7239 forwarded header |
| `X-Original-URL` | URL rewrite override |

Attack Scenarios

| Attack | Severity | Impact |
|---|---|---|
| Password reset poisoning | Critical | Token theft via poisoned link |
| Web cache poisoning | Critical | Stored XSS via cached response |
| SSRF via Host | High | Internal service access |
| Virtual host bypass | Medium | Access to other vhosts |
| Open redirect | Medium | Phishing via redirect |

Test Techniques

| Technique | Payload Example |
|---|---|
| Direct Host override | `Host: evil.com` |
| Alternative header | `X-Forwarded-Host: evil.com` |
| Port injection | `Host: target.com:@evil.com` |
| Double Host | Two `Host` headers |
| Absolute URL | `GET http://target.com/` with `Host: evil.com` |
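
The server-side counterpart to the techniques above, as an added example that is not part of this repository's code: a request check that accepts a single allowlisted `Host`, rejects the malformed and conflicting forms from the table, and never derives the host from the alternative headers. The allowlist, the proxy address and the function names are assumptions made for illustration.

```python
import re

# Hypothetical deployment values for this sketch.
ALLOWED_HOSTS = {"target.com", "www.target.com"}
TRUSTED_PROXIES = {"10.0.0.5"}
# Alternative host headers listed in the table above (lowercased names).
OVERRIDE_HEADERS = {"x-forwarded-host", "x-host", "x-forwarded-server",
                    "x-http-host-override", "forwarded", "x-original-url"}
# Hostname with optional numeric port; IPv6 literals are deliberately rejected
# because this sketch assumes the application is only served under named hosts.
HOST_RE = re.compile(r"([a-z0-9.-]+)(?::(\d{1,5}))?")


def parse_host(value):
    """Return the lowercased hostname, or None when the value is malformed."""
    m = HOST_RE.fullmatch(value.strip().lower())
    if not m:
        return None  # e.g. "target.com:@evil.com", userinfo, embedded spaces
    if m.group(2) and not 0 < int(m.group(2)) <= 65535:
        return None
    return m.group(1)


def check_request(raw_headers, peer_ip, request_target="/"):
    """raw_headers is a list of (name, value) pairs as received on the wire.

    Returns (host, findings); host is None when the request must be rejected.
    """
    hosts = [v for k, v in raw_headers if k.lower() == "host"]
    if len(hosts) != 1:
        return None, ["expected exactly one Host header, got %d" % len(hosts)]
    host = parse_host(hosts[0])
    if host is None or host not in ALLOWED_HOSTS:
        return None, ["Host not in allowlist: %r" % hosts[0]]
    # An absolute-form request target must name the same host as Host.
    m = re.match(r"https?://([^/]*)", request_target, re.I)
    if m and parse_host(m.group(1)) != host:
        return None, ["absolute URL authority differs from Host"]
    # Override headers never select the host here; they are only reported
    # when they arrive from a peer that is not a trusted proxy.
    findings = ["ignored %s from untrusted peer %s" % (k, peer_ip)
                for k, _ in raw_headers
                if k.lower() in OVERRIDE_HEADERS and peer_ip not in TRUSTED_PROXIES]
    return host, findings
```

Links in password reset mail and cache keys should be built from the returned host or from a configured base URL, not from any request header directly.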

Python Libraries

| Library | Version | Purpose |
|---|---|---|
| requests | >=2.28 | HTTP requests with custom headers |
| json | stdlib | Report generation |
