2. 2 main purposes:
Virtual host
Proxy balancer
GET / HTTP/1.1
Host: www.example.com
...
3. Tampering can lead to:
Password reset poisoning
Cache poisoning
Access to internal hosts
Cross Site Scripting + filter bypass
4. Normal cases:
<a href="//user/page">page</a>
<a href="http://example.com/user/page">page</a>
5. Possible results after tampering:
Error
Default host / N/A
First virtual host (Apache / nginx – 000-default.conf)
Tampered header in result HTML
GET / HTTP/1.1
Host: www.evil.com
...
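Added example (not from the original slides): how the absolute link from slide 4 ends up carrying a tampered Host value, next to a version that checks the header against an allowlist first. ALLOWED_HOSTS, the function names and the sample requests are assumptions made for this illustration.

```python
from html import escape

# Assumption: the host names this deployment legitimately serves.
ALLOWED_HOSTS = {"www.example.com", "example.com"}

# Constructed sample requests, mirroring the two requests on the slides.
NORMAL = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TAMPERED = b"GET / HTTP/1.1\r\nHost: www.evil.com\r\n\r\n"


def parse_host(raw_request: bytes) -> str:
    """Return the value of the first Host header in a raw HTTP/1.1 request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip()
    return ""


def link_from_host_header(raw_request: bytes, path: str) -> str:
    """Vulnerable pattern: the absolute URL trusts whatever Host was sent."""
    host = parse_host(raw_request)
    return f'<a href="http://{host}{path}">page</a>'


def link_from_allowlist(raw_request: bytes, path: str) -> str:
    """Hardened pattern: an unknown Host is rejected before any link is built.

    The caller is expected to turn the ValueError into an error response,
    which is the "Error" outcome listed on slide 5.
    """
    host = parse_host(raw_request).lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError("unrecognised Host header")
    return f'<a href="http://{host}{escape(path)}">page</a>'


if __name__ == "__main__":
    print(link_from_host_header(NORMAL, "/user/page"))
    print(link_from_host_header(TAMPERED, "/user/page"))
    print(link_from_allowlist(NORMAL, "/user/page"))
    try:
        link_from_allowlist(TAMPERED, "/user/page")
    except ValueError as exc:
        print("rejected:", exc)
```

The same check applies to any URL placed in an outgoing e-mail, such as a password reset link.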
6. Test case:
1) Go to password reset page
2) Spoof HOST header to attacker.com
3) Use victim’s email & submit