HTTP 24

This challenge covers how to send specific HTTP requests.

PRO | Tier Medium | < 1 Hr. | 2547 | HTTP Badge

In this challenge, your objective is to send a request to /pentesterlab with the X-Forwarded-Host header set to pentesterlab.com. This header is often used by reverse proxies to forward the original host requested by the client to the backend server. Manipulating this header can sometimes result in unexpected behaviors, which can be exploited for various purposes.

To solve this challenge, it is recommended to start with curl for simplicity. Once you have successfully sent the request using curl, you can write a script in your preferred programming language to automate the task. This approach not only helps in solving the current challenge but also allows you to build a collection of scripts for future use.

In the provided video, the steps are demonstrated using a terminal to send the request with the X-Forwarded-Host header set to pentesterlab.com. The video also explains the role of reverse proxies and how this header can be manipulated to pose as a different host, potentially triggering unexpected behavior in the target application.
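
Seen from the backend's side, the behaviour described above comes down to which host value the application acts on. The following is an added example, not part of the challenge or of PentesterLab's code: it contrasts a handler that always believes X-Forwarded-Host with one that honours it only from a known proxy address and then checks the result against an allowlist. The proxy network, host names and sample requests are constructed assumptions.

```python
import ipaddress

# Constructed values for this example (not from the challenge):
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]   # our reverse proxy tier
ALLOWED_HOSTS = {"app.example.test", "www.example.test"}  # names this app serves


def _norm(value):
    """Lowercase a host value and drop an optional :port suffix."""
    value = value.strip().lower()
    if value.startswith("["):          # bracketed IPv6 literal, keep as-is
        return value
    return value.split(":", 1)[0]


def naive_host(headers):
    """Weak pattern: the client-supplied header always wins."""
    h = {k.lower(): v for k, v in headers.items()}
    return _norm(h.get("x-forwarded-host") or h.get("host", ""))


def effective_host(headers, peer_ip):
    """Return the host to act on, or None if the request must be rejected."""
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host", "")
    forwarded = h.get("x-forwarded-host")
    from_proxy = any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_PROXIES)
    if forwarded is not None and from_proxy:
        if "," in forwarded:           # ambiguous multi-value header: refuse
            return None
        host = forwarded
    host = _norm(host)
    return host if host in ALLOWED_HOSTS else None


# Constructed request: the header from the challenge, sent straight to the backend.
DIRECT = {"Host": "app.example.test", "X-Forwarded-Host": "pentesterlab.com"}
# Constructed request: the same header name, set by our own proxy.
VIA_PROXY = {"Host": "backend.internal", "X-Forwarded-Host": "www.example.test:443"}

if __name__ == "__main__":
    print(naive_host(DIRECT))                      # client-chosen host is believed
    print(effective_host(DIRECT, "203.0.113.7"))   # untrusted peer: header ignored
    print(effective_host(VIA_PROXY, "10.0.0.5"))   # trusted proxy, allowlisted host
    print(effective_host(DIRECT, "10.0.0.5"))      # trusted proxy, unknown host
```

The allowlist check still matters for requests arriving through the proxy, because a proxy that passes the client's header through unchanged would otherwise carry the spoofed value into the trusted path.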
