How do I use header injections in a web application scan?

There are different reasons why to use header injections in a web application scan, see different examples below.

Header Injection

Enter header information in the field provided using the format:

<header>: <text>

For example:
Accept: */*
Accept:application/json
Content-type: application/json
Content-type: text/plain

Select the header injection you wish to use for your web application, multiple headers may be entered.

Example 1

To bypass a complex login form, where mwf_login is the session identifier for the application:

Cookie: Name: OskarID1

Example 2

To bypass a complex login form, where ”example cookie is the session identifier for the application:

Cookie: Example=Example

Example 3

To bypass basic authentication:

Authorization: BasicAuth sL092k3YvLk

When a header such as the above is provided, the header basic authentication overrides an authentication record with basic authentication defined.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.