back
loading skill details...
>-
SKILL: HTTP Host Header Attacks — Injection & Routing Abuse AI LOAD INSTRUCTION: Covers Host header injection for password reset poisoning, cache poisoning, SSRF via routing, and virtual host bypass. Includes bypass techniques for Host validation and framework-specific behaviors. Base models often miss the double-Host trick, absolute-URI override, and connection-state attacks. 0. RELATED ROUTING web-cache-deception when Host injection is combined with cache behavior ssrf-server-side-request-forgery when Host header routes requests to internal services open-redirect when Host injection causes redirect to attacker domain waf-bypass-techniques when Host manipulation helps bypass WAF routing request-smuggling when smuggling enables Host header manipulation past front-end validation subdomain-takeover when Host routing exposes internal vhosts resolvable via subdomain 1. ATTACK SURFACE The Host header is used by web applications and infrastructure for:
don't have the plugin yet? install it then click "run inline in claude" again.