🖥️
Penetration testing/ethical hacking
  • Introduction
  • 💿Virtualbox network setup
    • What is VirtualBox?
    • NAT
    • NAT network
    • Bridged adapter
    • Internal network
    • pfSense
    • vboxmanage
    • Overview
  • 🕵️OSINT
    • What is OSINT?
    • Google dorks
    • Metadata
    • Social media
  • Tools
    • Recon-ng
    • sherlock
    • osintagram
    • maltego
  • 😨Social Engineering
    • What is social engineering?
    • 7 tricks of social engineering
    • Email phishing
    • Typosquatting
    • Compiled resources
  • 😈MitM attack
    • What is MitM attack?
    • ARP spoof/poison
    • DNS spoof/poison
    • HTTP MitM attack
    • ICMP redirect attack
    • DHCP spoofing
    • Evil twin attack
    • Experiment (guest network)
    • Compiled resources
  • 🔌UPnP exploitation
    • What is UPnP?
    • What is SSDP?
    • IGD functions
    • LAN devices
    • Compiled resources
  • 🪚Network hacking
    • What is network hacking?
  • 1️⃣Network live host discovery
    • What is network live host discovery?
    • nmap
    • arp-scan
    • masscan
  • 2️⃣Network port scan/services enumeration
    • What is network port scan/services enumeration?
    • nmap
    • netcat
  • 3️⃣Network services vulnerability scanning & exploitation
    • What is network vulnerability scanning/exploitation?
    • 20/21 ~ FTP
    • 22 ~ SSH
    • 25 ~ SMTP
    • 53 ~ DNS
    • 80/443 ~ HTTP/HTTPS
    • 110 ~ POP3
    • 111/2049 ~ RPC/NFS
    • 139/445 ~ SMB
    • 143 ~ IMAP
    • 3389 ~ RDP
  • Vulnerability & exploitation
    • Database
    • Metasploit
    • Msfvenom
  • Misconfigurations
    • .DS_Store
  • Web Hacking
    • Introduction
    • Directories/URLs gathering
    • Subdomain enumeration
    • File inclusion
    • Upload vulnerabilities
      • File extension cheat-sheet
    • SSRF
    • XSS
    • SQL injection
  • OWASP Top 10
  • General web knowledge
    • URI standard (RFC 3986)
    • HTTP headers
  • 🛣️Attacks on routing protocols
    • What are attacks on routing protocols?
    • BGP hijacking
  • 🏕️To explore
    • MQTT
    • Routersploit
    • DNS rebinding attack
    • LLMNR/mDNS poisoning
  • 👤Anonymity
    • VPN
    • Proxychains
    • TOR
    • Obfuscation
  • Credentials brute-force/cracking
    • Introduction
    • Windows SAM database
    • Dictionary attack
    • Rainbow attack
      • Hash database
    • Tools
      • Hydra
      • John the ripper
      • hash-identifier
  • Post-exploitation
    • Gaining shell
      • netcat
      • socat
      • powershell
      • bash
      • PHP
    • Repository
  • Privilege escalation
    • Linux
      • Repositories
      • Enumeration
      • Vulnerabilities exploit
        • General
        • Kernel exploit
        • Sudo
        • SUID
        • Capabilities
        • Cronjobs
        • $PATH
        • NFS
    • Windows
      • Password harvesting
      • Vulnerabilities exploit
        • Scheduled tasks
        • AlwaysInstallElevated
        • Service misconfigurations
          • Insecure permissions on service executable
          • Unquoted service path
          • Insecure service permission
        • Abusing privileges
  • Ⓜ️MITRE ATT&CK
    • Introduction
  • 🧰Tools/services
    • Introduction
    • Web hacking
      • Password brute-forcing
      • Web fuzzing
      • Burp Suite (Community)
    • Information gathering/reconnaissance
    • Network hacking
      • nmap (general overview)
    • General
      • impacket
    • Wordlists
      • cewl
  • Write-ups
    • TryHackMe
      • Silver Platter
      • Light
      • OWASP Top 10 - 2021 (task 22)
    • OverTheWire
      • Untitled
    • OWASP juice shop
  • AI prompt
    • ChatGPT
Powered by GitBook
On this page
  • 1. X-Forwarded-For, True-Client-IP, X-Client-IP
  • Potential XSS
  1. General web knowledge

HTTP headers

HTTP header methods that are exploitable

1. X-Forwarded-For, True-Client-IP, X-Client-IP

Commonly used by CDN, proxy servers, etc. Informs the webserver of the originating IP address. However, this can be spoofed to trick the web server.

Potential XSS

For example, if the provided value is placed somewhere on the web-page, it can potentially lead to a XSS vulnerability if not filtered properly.

Refer to task 7 of the following TryHackMe challenge:

a) Challenge: https://tryhackme.com/room/owaspjuiceshop

b) Write-up: https://jarrettgxz-sec.gitbook.io/penetration-testing-ethical-hacking/write-ups/owasp-juice-shop

PreviousURI standard (RFC 3986)NextWhat are attacks on routing protocols?

Last updated 11 days ago