Skip to content

检测host头攻击的Burpsuite被动扫描插件,Burpsuite passive scanning plugin responsible for detecting host header attack

Notifications You must be signed in to change notification settings

weujieytt/HostHeaderAttack

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 

Repository files navigation

Host Header Attack

这是一款负责检测主机头攻击的Burpsuite被动扫描插件

本人安服仔不会JAVA,完全是面向百度编程,host头攻击在日常见的较多,写此插件只为了凑洞与练手。

PHP本地环境模拟

<html>
   <title>Host Header Attack</title>
   <body>
   <script src="http://<?php echo $_SERVER['HTTP_HOST'];?>/hostattack.js"></script>
   </body>
   <?php
   header('Location:'.$_SERVER['HTTP_HOST']);
   echo $_SERVER['HTTP_HOST'];
?>

image-1

效果展示

image-2

image-3

About

检测host头攻击的Burpsuite被动扫描插件,Burpsuite passive scanning plugin responsible for detecting host header attack

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages