▹ Watch me Live on Twitch every Monday and Thursday! - https://twitch.tv/garr_7
Portswigger Web Security Academy HTTP Host Header Attacks Lab: Host header authentication bypass - https://portswigger.net/web-security/host-header/exploiting/lab-host-header-authentication-bypass
Additional References for Further Exploration:
Garr's Walkthrough of HTTP Host Header Attacks Lab: Basic password reset poisoning - https://youtu.be/oWP53O0Kuzw
PortSwigger's Host Header Attacks Resource - https://portswigger.net/web-security/host-header
------------------------------------------------------------------------------
In this series, we take a look at Web Security Academy's Host Header Attacks labs and break them down. The goal is not only to reach the solution, but to talk about the methodology and the mental steps we take in order to discover these vulnerabilities in the wild.
Timestamps:
0:00 Intro
0:20 Quick Recap
0:38 Lab Start: Walking Through the Application
1:03 Leveraging robots.txt To Find Admin Functionality
1:14 What Does Changing the Host Header Do?
2:11 Discovering the Final Payload
3:10 Quick Blurb About Burp's Match & Replace
3:30 Recap
3:54 Outro
------------------------------------------------------------------------------
Music:
“Friends”
Produced by Hyper Potions
https://youtu.be/OEboG4LnUBI
“Morning Tea”
Produced by Jeff Kaale
https://youtu.be/euQG29OK3-M
“High Noon”
Produced by Bankrupt Beats
https://youtu.be/d8v2tuTtSc0
“Ikebaby”
Produced by Robotprins
https://youtu.be/APAekwchpkE
------------------------------------------------------------------------------
Edited by Shikairi - https://shikairi.carrd.co/