Exploit HTTP Host Header

This is just a simple script that checks how a server responds when it receives a tampered HTTP header.

More about HTTP Host header attacks

Note: this is just an alpha version, so there will be bugs :)

Install

git clone https://github.com/run-byte-run/ehhh.git
cd ./ehhh
pip install -r requirements.txt

Usage

So let's try to solve this lab.

python ehhh.py --url https://%hash%.web-security-academy.net/admin

Console output will be like:

Ehhh just run...
Module "lib.attacks.add_line generate task.
Module "lib.attacks.bruteforce generate task.
Module "lib.attacks.flawed generate task.
Module "lib.attacks.x_header generate task.
Task "BruteForceEhhhAttackTask" with "host: localhost" may be vulnerability!

This means that if we replace the Host header with Host: localhost, the response will change. Try it out ;)
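
Why a changed response for Host: localhost matters, shown as an added example (not part of ehhh or this README): a constructed access check that trusts the Host header, next to one that validates Host against an allowlist and takes locality from the connection's peer address. The hostname, function names and addresses are assumptions made for the illustration.

```python
# Added example: hostnames, addresses and function names are constructed.
import ipaddress

ALLOWED_HOSTS = {"shop.example.test"}  # assumption: the site's real hostname


def normalize_host(host_header):
    """Lower-case the Host value and drop an optional :port; None if malformed."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    if host.startswith("["):  # IPv6 literal such as [::1]:8080
        end = host.find("]")
        if end == -1:
            return None
        name, rest = host[1:end], host[end + 1:]
    else:
        name, sep, port = host.partition(":")
        rest = sep + port
    if rest and not (rest.startswith(":") and rest[1:].isdigit()):
        return None
    return name or None


def admin_allowed_vulnerable(headers, peer_ip):
    """Flawed: treats the client-supplied Host header as proof of local access."""
    return normalize_host(headers.get("Host")) == "localhost"


def admin_allowed_hardened(headers, peer_ip):
    """Reject unexpected Host values; decide locality from the TCP peer address."""
    if normalize_host(headers.get("Host")) not in ALLOWED_HOSTS:
        return False
    return ipaddress.ip_address(peer_ip).is_loopback


# Constructed requests: (headers, address of the connecting peer)
SAMPLES = [
    ({"Host": "shop.example.test"}, "203.0.113.7"),  # normal remote request
    ({"Host": "localhost"}, "203.0.113.7"),          # remote request, altered Host
    ({"Host": "shop.example.test"}, "127.0.0.1"),    # genuine local request
]


def compare():
    """Return (vulnerable, hardened) decisions for each constructed request."""
    return [(admin_allowed_vulnerable(h, ip), admin_allowed_hardened(h, ip))
            for h, ip in SAMPLES]


if __name__ == "__main__":
    print(compare())
```

If the application sits behind a reverse proxy, the peer address is the proxy's, so the admin path then needs real authentication instead of a locality check.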