HTTP 24

This challenge covers how to send specific HTTP requests.


In this challenge, your objective is to send a request to `/pentesterlab` with the `X-Forwarded-Host` header set to `pentesterlab.com`. This header is often used by reverse proxies to forward the original host requested by the client to the backend server. Manipulating this header can sometimes result in unexpected behaviors, which can be exploited for various purposes.

To solve this challenge, it is recommended to start with `curl` for simplicity. Once you have successfully sent the request using `curl`, you can write a script in your preferred programming language to automate the task. This approach not only helps in solving the current challenge but also allows you to build a collection of scripts for future use.

In the provided video, the steps are demonstrated using a terminal to send the request with the `X-Forwarded-Host` header set to `pentesterlab.com`. The video also explains the role of reverse proxies and how this header can be manipulated to pose as a different host, potentially triggering unexpected behavior in the target application.
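Seen from the backend, the question is when a value like the one sent in this challenge should be believed at all. The following is an added example, not part of the original challenge page or of PentesterLab's code; the proxy subnet, the host allowlist and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed values for illustration: proxy subnet and host allowlist are assumptions.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
ALLOWED_HOSTS = {"app.example.test", "www.example.test"}
HOST_RE = re.compile(r"^[a-z0-9.-]{1,253}$")


def normalize_host(value):
    """Lower-case a host value and strip an optional :port; None if malformed."""
    host = value.strip().lower()
    name, sep, port = host.partition(":")
    if sep and not port.isdigit():
        return None
    return name if HOST_RE.match(name) else None


def from_trusted_proxy(peer_ip):
    """True when the TCP peer is one of our own reverse proxies."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_host(peer_ip, headers):
    """Return (host, reason): the host the application should use for this request."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    host = normalize_host(hdrs.get("host", ""))
    xfh = hdrs.get("x-forwarded-host")
    if xfh is None:
        return host, "no X-Forwarded-Host"
    if not from_trusted_proxy(peer_ip):
        # Any client can set this header; a direct client must not override Host.
        return host, "X-Forwarded-Host ignored: untrusted peer"
    # A comma-separated list is treated as ambiguous here and rejected (design choice).
    candidate = normalize_host(xfh) if "," not in xfh else None
    if candidate not in ALLOWED_HOSTS:
        return host, "X-Forwarded-Host ignored: not an allowed host"
    return candidate, "X-Forwarded-Host accepted"
```

Logging the returned reason for every ignored header gives a simple signal for requests that try to override the host.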
