This Burp extension helps to find host header injection vulnerabilities by actively testing a set of injection types. A scan issue is created if an injection was successful.
- Active Scanner: the checks run as part of an active scan.
- Manual check: select a request to test it for multiple types of host header injection.
- Collaborator payload: Inject a collaborator string to check for server-side request forgery.
- Localhost payload: Inject the string "localhost" to check for a bypass of features restricted to local requests.
- Canary payload (only manual): Inject a canary to check for host header reflection which can lead to cache poisoning.
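The three payload types above share one pattern: a value the server did not configure is sent in the Host header, and the response is inspected for evidence that the server trusted it. The following added example (not part of the extension's own code) illustrates the canary case and its mitigation in Python: `find_canary_reflection` reports where a canary string sent in the Host header comes back in a response (a Location header or absolute URLs in the body are the classic precondition for cache poisoning), and `host_is_allowed` is the server-side allowlist check that stops all three payload types. The HTTP responses, the canary value and the allowlist are constructed sample data, not captured traffic.

```python
from typing import Dict, List, Tuple

# Constructed sample data (not real traffic): a canary sent as the Host header,
# a response that reflects it, and one that does not.
CANARY = "canary-1234.invalid"

REFLECTING_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://canary-1234.invalid/login\r\n"
    "Cache-Control: public, max-age=600\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<a href="https://canary-1234.invalid/reset">reset</a>'
)

SAFE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://www.example.com/login\r\n"
    "Cache-Control: public, max-age=600\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<a href="/reset">reset</a>'
)


def parse_http_response(raw: str) -> Tuple[int, Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into (status code, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def response_is_cacheable(headers: Dict[str, str]) -> bool:
    """Rough heuristic: a shared cache may store the response if it is marked
    public or has a positive max-age and is not private/no-store."""
    cc = headers.get("cache-control", "").lower()
    if "no-store" in cc or "private" in cc:
        return False
    return "public" in cc or "max-age=" in cc


def find_canary_reflection(raw_response: str, canary: str) -> List[str]:
    """Return the places where the canary from the Host header is reflected.

    Each hit is 'header:<name>' or 'body'. A hit in a cacheable response is the
    combination the canary payload is looking for: the server builds URLs from
    the client-supplied Host, and a cache may serve them to other users.
    """
    _status, headers, body = parse_http_response(raw_response)
    hits = [f"header:{name}" for name, value in headers.items() if canary in value]
    if canary in body:
        hits.append("body")
    return hits


def host_is_allowed(host_header: str, allowed_hosts: List[str]) -> bool:
    """Server-side mitigation: accept only Host values on an explicit allowlist.

    The port is ignored when comparing, so 'www.example.com:443' matches
    'www.example.com'; IPv6 literals in brackets are kept whole.
    """
    host = host_header.strip().lower()
    if host.startswith("["):
        host = host.split("]")[0] + "]"
    else:
        host = host.split(":")[0]
    return host in {h.lower() for h in allowed_hosts}


if __name__ == "__main__":
    for label, resp in (("reflecting", REFLECTING_RESPONSE), ("safe", SAFE_RESPONSE)):
        hits = find_canary_reflection(resp, CANARY)
        cacheable = response_is_cacheable(parse_http_response(resp)[1])
        print(f"{label}: reflected in {hits or 'nothing'}, cacheable={cacheable}")
    # The allowlist rejects the localhost and canary payloads alike.
    for candidate in ("www.example.com:443", "localhost", CANARY):
        print(f"Host {candidate!r} allowed: {host_is_allowed(candidate, ['www.example.com'])}")
```

Running the block prints that the constructed reflecting response echoes the canary in the Location header and the body while being cacheable, and that only `www.example.com` passes the allowlist. In a real deployment the allowlist belongs in front of any code that builds absolute URLs from the request (password reset links, redirects), which is exactly where the extension's payloads would otherwise surface.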
Run an active scan, or check a single request manually:
- Go to the HTTP history.
- Right-click on the request you want to check.
- Choose Extension -> Host Header Inchecktion -> the payload type.
- If the injection succeeds, a scan issue is generated.
- Download the pre-built jar from the releases page.
- Extender -> Add -> Extension Details -> Select file ...
- Select the downloaded jar.
- Linux: `./gradlew clean build fatJar`
- Windows: `.\gradlew.bat clean build fatJar`
- The built jar is written to `build/libs/host_header_inchecktion-<version>.jar`.