00 — Overview
Host Header Attacks
The Host header tells the server which site you want. But many apps trust it blindly — using it to generate password reset links, cache keys, and redirects. Poison it and you control the output.
Intermediate · 40 min · 5 tasks
// By the end of this module
→ Explain how the Host header is used in virtual host routing
→ Identify applications that use the Host header to build dynamic URLs
→ Execute a password reset poisoning attack to capture a victim's reset token
→ Abuse Host header manipulation for routing-based SSRF to internal services
→ Validate the Host header against an allowlist and build URLs from config
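
The last objective, sketched as an added example that is not part of the original module: a reset-link builder that trusts the Host header, beside one that checks it against an allowlist and builds the URL from configuration. The names `CANONICAL_BASE_URL`, `ALLOWED_HOSTS` and the function names are assumptions, the hosts are constructed, and `headers` is assumed to be a plain dict with canonical header names.

```python
from urllib.parse import urlencode

# Assumed configuration values (constructed for this example).
CANONICAL_BASE_URL = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}


def reset_link_vulnerable(headers, token):
    """Anti-pattern: the link's origin is taken from the request's Host header."""
    return f"https://{headers.get('Host', '')}/reset?{urlencode({'token': token})}"


def normalize_host(raw):
    """Lower-case, drop an optional numeric port and trailing dot; None if malformed."""
    if not raw or any(c in raw for c in " \t\r\n/@\\,"):
        return None
    host, sep, port = raw.lower().partition(":")
    if sep and not port.isdigit():
        return None
    return host.rstrip(".") or None


def host_is_allowed(headers):
    """Exact-match allowlist check on Host; X-Forwarded-Host must also pass if present."""
    if normalize_host(headers.get("Host")) not in ALLOWED_HOSTS:
        return False
    forwarded = headers.get("X-Forwarded-Host")
    return forwarded is None or normalize_host(forwarded) in ALLOWED_HOSTS


def reset_link_hardened(headers, token):
    """Reject unknown hosts, then build the link from configuration, never from headers."""
    if not host_is_allowed(headers):
        raise ValueError("unrecognised Host header")
    return f"{CANONICAL_BASE_URL}/reset?{urlencode({'token': token})}"
```

The allowlist is an exact match on the normalized name, so a value that merely contains or ends with an allowed host is still rejected.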
// Prerequisites
Complete these before starting this module for the best experience.