HTTP 24
This challenge covers how to send specific HTTP requests.
In this challenge, your objective is to send a request to /pentesterlab with the X-Forwarded-Host header set to pentesterlab.com. This header is often used by reverse proxies to forward the original host requested by the client to the backend server. Manipulating this header can sometimes result in unexpected behaviors, which can be exploited for various purposes.
To solve this challenge, it is recommended to start with curl for simplicity. Once you have successfully sent the request using curl, you can write a script in your preferred programming language to automate the task. This approach not only helps in solving the current challenge but also allows you to build a collection of scripts for future use.
In the provided video, the steps are demonstrated using a terminal to send the request with the X-Forwarded-Host header set to pentesterlab.com. The video also explains the role of reverse proxies and how this header can be manipulated to pose as a different host, potentially triggering unexpected behavior in the target application.
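The backend side of the behavior described above, as an added example that is not part of the original challenge: a host-resolution check that honours X-Forwarded-Host only when the request arrives from a known reverse proxy and names an allowlisted host. The proxy range, the allowed host names and the sample request are constructed assumptions.

```python
import ipaddress

# Constructed deployment values (assumptions, not taken from the page).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_HOSTS = {"app.example.test", "www.example.test"}

# Constructed sample: the kind of request the challenge asks you to send.
SAMPLE_REQUEST = (
    "GET /pentesterlab HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "X-Forwarded-Host: pentesterlab.com\r\n"
    "\r\n"
)


def parse_headers(raw_request):
    """Return {lower-cased name: [values]} for a raw HTTP/1.1 request head."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def effective_host(peer_ip, raw_request):
    """Decide which host name the backend should act on for this request."""
    headers = parse_headers(raw_request)
    hosts = headers.get("host", [])
    if len(hosts) != 1:
        raise ValueError("expected exactly one Host header")
    forwarded = headers.get("x-forwarded-host", [])
    peer = ipaddress.ip_address(peer_ip)
    if not forwarded or not any(peer in net for net in TRUSTED_PROXIES):
        # No forwarded host, or it came from a peer that is not our proxy:
        # the client-controlled header is ignored.
        return hosts[0].lower()
    if len(forwarded) != 1 or "," in forwarded[0]:
        raise ValueError("ambiguous X-Forwarded-Host")
    candidate = forwarded[0].lower()
    if candidate not in ALLOWED_HOSTS:
        raise ValueError("X-Forwarded-Host not in allowlist: " + candidate)
    return candidate
```

An application that skips both checks and builds links or routing decisions from the raw header value is what produces the unexpected behavior the challenge text refers to.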