Hello Friends 👋,

Welcome To Infinitbility! ❤️

This article will help you test for and fix host header injection; the solution below applies only to Apache users.

Table of content

  1. What is the host header

  2. How to test host header

  3. How to prevent host header injection in apache

Let’s start today’s tutorial: how to prevent host header injection in Apache.

What is the host header

A Host header is used when several web applications are deployed on the same IP address: it tells the server which web application should process the incoming HTTP request. The Host header is set by the client, so the server needs either a strict whitelist of accepted hosts, or we must strip the host-related headers in the Apache configuration so the application never trusts them. A simple example of a host header injection bug is using $_SERVER['HTTP_HOST'] in my code to build the absolute path of a script:

<!-- vulnerable: the host is copied straight from the client-controlled Host header -->
<script src="http://<?php echo $_SERVER['HTTP_HOST']; ?>/assets/main.js"></script>

How to test host header

To test for host header injection, download Burp Suite Community Edition from the link below.

https://portswigger.net/burp/communitydownload

After installing Burp:

  1. Open Burp as a temporary project and go to the Repeater tab.

  2. Click on Target and enter your domain with port 443 (the HTTPS port).

  3. Set the Host header to another domain, such as attacker.com, and set the Referer to your own domain, as in the example below.

    
    GET /assets HTTP/1.1
    Host: now.com
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: image/webp,*/*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: https://yourdomain.com/
    Cookie: Awsalb=svtfag%2fw2hflr9mt35pembbq4a7thq7reeboiu5%20w7tmx6kla%2fc9rlcoa0w%20cd%20anoknweepl7j%3aVdedaikqyhkgufy%20sqwnx2ygvxpsit02zesu9esnbwn2tdwk; Awsalbcors=sv tfag/w2hflr9mt35pembbq4a7thq7reeboiu5 w7tmx6kla/c9rlcoa0w cd anoknwee: Pl7jvdedaikqyhkgufy sqwnx2ygvxpsit02zesu9esnbwn2tdwk: 
    Sec-Fetch-Dest: image
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Site: same-origin
    If-Modified-Since: Wed, 11 Aug 2021 08:14:20 GMT
    If-None-Match: "5a7-5c94434982dac"
    Cache-Control: max-age=0
    
  4. Press Send. If now.com appears in the response's Location header, as in the example below, then your site has a host header issue.

(Screenshot: Apache host header example)

How to prevent host header injection in apache

To fix the host header injection, we strip the X-Forwarded-Host request header before it reaches the application, as follows:

RequestHeader unset X-Forwarded-Host

Go to the /etc/apache2/sites-available folder and edit your domain's configuration file.

Put the line RequestHeader unset X-Forwarded-Host inside your site configuration (it needs mod_headers) and save the file.

After saving the file, restart your Apache server.
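As an added example (not configuration from the original post), here is a complete sites-available virtual host that applies the unset line above and, going beyond the post, adds the two other Apache controls that make an injected Host value ineffective: a default catch-all vhost that answers 421 Misdirected Request for any Host that is not one of ours, and UseCanonicalName On so Apache builds its own redirects from ServerName rather than from the incoming Host header. The domain example.com, the certificate paths and the DocumentRoot are assumed placeholders; substitute your own.

```apache
# Added example, not from the original post. Assumed placeholders: example.com,
# the certificate paths and the DocumentRoot. Requires mod_headers, mod_rewrite
# and mod_ssl (a2enmod headers rewrite ssl).

# 1) Default vhost. Apache routes a request whose Host header matches no
#    ServerName/ServerAlias to the FIRST vhost for the address:port, so this
#    block must be listed first. It refuses such requests with 421 instead of
#    serving the real site under a foreign host name.
<VirtualHost *:443>
    ServerName default.invalid
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/example.com.key

    RewriteEngine On
    # R= with a non-3xx code stops rewriting and returns that status.
    RewriteRule ^ - [R=421,L]
</VirtualHost>

# 2) The real site. Only the names listed here are ever accepted.
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/example.com.key

    # The fix from the post: drop the client-supplied forwarding header so
    # the application (or a proxied backend) can never be fed a fake host.
    RequestHeader unset X-Forwarded-Host

    # Generate self-referencing URLs (e.g. directory redirects) from
    # ServerName, not from whatever Host the client sent.
    UseCanonicalName On

    # Belt and braces: even if vhost selection ever lands here with an
    # unexpected Host value, refuse it rather than reflect it.
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^(www\.)?example\.com$ [NC]
    RewriteRule ^ - [R=421,L]
</VirtualHost>
```

Enable the modules with a2enmod headers rewrite ssl, check the file with apachectl configtest, restart Apache, and then repeat the Burp test above: the request with Host: now.com should now receive 421 and no Location header containing now.com.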

Thanks for reading…