run-byte-run/ehhh

Exploit HTTP Host Header

This is just a simple script that checks how a server responds when it receives a manipulated HTTP header.

More about HTTP Host header attacks

Note: This is just an alpha version, so expect bugs :)

Install

git clone https://github.com/run-byte-run/ehhh.git
cd ./ehhh
pip install -r requirements.txt

Usage

So let's try to solve this lab.

python ehhh.py --url https://%hash%.web-security-academy.net/admin

The console output will look like this:

Ehhh just run...
Module "lib.attacks.add_line generate task.
Module "lib.attacks.bruteforce generate task.
Module "lib.attacks.flawed generate task.
Module "lib.attacks.x_header generate task.
Task "BruteForceEhhhAttackTask" with "host: localhost" may be vulnerability!

This means that if we replace the Host header with Host: localhost, the response will change. Try it out ;)
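The effect reported in the output above, reproduced offline as an added example (not code from the ehhh project): a constructed WSGI app whose response depends on the client-supplied Host header, beside an allowlist guard that removes the difference. The app, the host name `shop.example`, and all function names are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

ALLOWED_HOSTS = {"shop.example"}  # constructed allowlist (assumption)

def _host(environ):
    # Normalise the client-supplied Host header: drop the port, lower-case it.
    return environ.get("HTTP_HOST", "").split(":")[0].lower()

def naive_app(environ, start_response):
    # Flawed pattern: an access decision based on a header the client controls.
    if environ["PATH_INFO"] == "/admin" and _host(environ) != "localhost":
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"admin is local only"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def require_known_host(app, allowed=ALLOWED_HOSTS):
    # Mitigation: refuse any Host outside the allowlist before the app runs.
    def guarded(environ, start_response):
        if _host(environ) not in allowed:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"unknown host"]
        return app(environ, start_response)
    return guarded

def status_for(app, path, host):
    # Call the WSGI app in-process (no network) and return the numeric status.
    environ = {}
    setup_testing_defaults(environ)
    environ.update(PATH_INFO=path, HTTP_HOST=host)
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return int(seen[0].split()[0])

def unlocks_access(app, path, baseline_host, test_host):
    # True when changing only the Host header turns a denied request into a 2xx.
    before = status_for(app, path, baseline_host)
    after = status_for(app, path, test_host)
    return before >= 400 and 200 <= after < 300

if __name__ == "__main__":
    for name, app in (("naive", naive_app), ("guarded", require_known_host(naive_app))):
        flagged = unlocks_access(app, "/admin", "shop.example", "localhost")
        print(f"{name}: Host swap unlocks /admin -> {flagged}")
```

The guard only closes the Host-based path; the access decision for `/admin` should still rest on authentication rather than on any request header.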
