Host header spoofing


Using Firefox, I can tamper with the Host header so that a call to localhost/forum/ has the Host header spoofed to be www.mydomain.com.

The reason I am doing this is because I am developing a reverse proxy that will execute when certain domains are detected. Everything is working, well nearly everything.

The proxy code detects the request and reroutes it to another server, and the server responds with the correct HTML content. The problem is with external script files referenced by the returned HTML. So, for example:

<script type="text/javascript" src="init.js"></script>

This will result in an unspoofed (is there such a word?) request from the browser of

http://localhost/init.js 

By inspecting this request, the issue is that the Host header has reverted to localhost, not www.mydomain.com.

Is there a way, without changing the hosts file, to set a host header to be used for all requests made during a page load? I would like to tamper with the host header for all requests spawned from the initial navigation.


There are 1 answers

CarbonMan On

I had it backwards. My reverseProxy was reading the hosts file and redirecting the requests on the basis of how the hostname resolved.

The correct way is to change the hosts file, and then your proxy reads a web.config file to get the redirection. That is only on the dev box; when deployed, the hosts file does not need to be changed because the client will be on a remote machine. So it only requires a web.config file entry.
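
An added example, not code from either poster: a Python sketch of routing on the Host header from a web.config-style entry, plus the reason the subresource request carries localhost (the browser takes Host from the URL it resolves, not from the tampered first request). The `route:` key prefix, the upstream address and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

# Constructed web.config fragment; key naming and upstream address are assumptions.
WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="route:www.mydomain.com" value="http://10.0.0.5:8080" />
  </appSettings>
</configuration>"""

def load_routes(config_xml):
    """Build {hostname: upstream} from appSettings keys prefixed 'route:'."""
    routes = {}
    for add in ET.fromstring(config_xml).iterfind("./appSettings/add"):
        key = add.get("key", "")
        if key.startswith("route:"):
            routes[key[len("route:"):].lower()] = add.get("value")
    return routes

def normalize_host(host_header):
    """Lower-case the Host value and drop any :port and trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):  # IPv6 literal such as [::1]:8080
        return host[: host.find("]") + 1]
    return host.split(":", 1)[0].rstrip(".")

def pick_upstream(host_header, routes):
    """Host is client-controlled: unknown values get None so the caller refuses."""
    return routes.get(normalize_host(host_header))

def host_sent_for(page_url, reference):
    """Host a browser derives for a subresource: authority of the resolved URL."""
    return urlsplit(urljoin(page_url, reference)).netloc

if __name__ == "__main__":
    routes = load_routes(WEB_CONFIG)
    print(pick_upstream("WWW.MyDomain.com:80", routes))   # configured upstream
    print(pick_upstream("localhost", routes))             # no route
    # Page loaded via localhost: the script request goes out with Host localhost.
    print(host_sent_for("http://localhost/forum/", "init.js"))
    # Page loaded via the real name (hosts file entry on the dev box): Host follows.
    print(host_sent_for("http://www.mydomain.com/forum/", "init.js"))
```
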