There are several reasons to use header injection in a web application scan; see the examples below.
Header Injection
Enter header information in the field provided using the format:
<header>: <text>
For example:
Accept: */*
Accept: application/json
Content-type: application/json
Content-type: text/plain
Select the header injection you wish to use for your web application. Multiple headers may be entered.
Example 1
To bypass a complex login form, where mwf_login is the session identifier for the application:
Cookie: Name: OskarID1
Example 2
To bypass a complex login form, where "example cookie" is the session identifier for the application:
Cookie: Example=Example
Example 3
To bypass basic authentication:
Authorization: BasicAuth sL092k3YvLk
When a header such as the one above is provided, the basic authentication in the header overrides any authentication record that has basic authentication defined.
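The following is an added example, not part of the product or its documentation: a Python check that validates entries written in the <header>: <text> format before they are pasted into a scan configuration, and masks Cookie and Authorization values so session identifiers do not end up in logs. The function names, the list of sensitive headers and the sample input are assumptions made for illustration.

```python
import re

# RFC 7230 "token" characters allowed in a header field name.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Control characters (tab excepted) that must not appear in a header value.
CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")
# Assumed list of headers whose values are credentials.
SENSITIVE = {"cookie", "authorization", "proxy-authorization"}

# Constructed sample: entries from the page plus three malformed ones.
SAMPLE = "\n".join([
    "Accept: */*",
    "Accept:application/json",      # no space after ':' is still parseable
    "Content-type text/plain",      # missing ':'
    "Cookie: Example=Example",
    "X-Bad Name: 1",                # space inside the header name
    "X-Test: a\rb",                 # bare CR would split the header
])


def parse_header_lines(text):
    """Parse '<header>: <text>' lines; return (headers, errors)."""
    headers, errors = [], []
    for lineno, raw in enumerate(text.split("\n"), start=1):
        if not raw.strip():
            continue  # ignore blank lines between entries
        name, sep, value = raw.partition(":")
        name, value = name.strip(), value.strip()
        if not sep:
            errors.append((lineno, "missing ':' separator"))
        elif not TOKEN.match(name):
            errors.append((lineno, "invalid header name"))
        elif CTL.search(value):
            errors.append((lineno, "control character in value"))
        else:
            headers.append((name, value))
    return headers, errors


def redact(headers):
    """Return a copy with credential-bearing values masked for logging."""
    return [(n, "<redacted>" if n.lower() in SENSITIVE else v) for n, v in headers]


if __name__ == "__main__":
    ok, bad = parse_header_lines(SAMPLE)
    print(redact(ok))
    print(bad)
```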