How do I use header injections in a web application scan?
There are different reasons to use header injections in a web application scan. See the examples below.
Header Injection
Enter header information in the field provided using the format:
<header>: <text>
For example:
Accept: */*
Accept: application/json
Content-type: application/json
Content-type: text/plain
Select the header injection you wish to use for your web application. Multiple headers may be entered.
Example 1
To bypass a complex login form, where mwf_login is the session identifier for the application:
Cookie: Name: OskarID1
Example 2
To bypass a complex login form, where "example cookie" is the session identifier for the application:
Cookie: Example=Example
Example 3
To bypass basic authentication:
Authorization: BasicAuth sL092k3YvLk
When a header such as the one above is provided, the basic authentication in the header overrides any authentication record that has basic authentication defined.
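
The following is an added example, not code from the product or its documentation: a small Python helper for preparing and checking header lines in the `<header>: <text>` format before they are entered for a scan of your own application. The function names are hypothetical, and it assumes the target expects standard HTTP syntax (name=value cookie pairs, and `Basic` followed by base64 of user:password as defined in RFC 7617).

```python
import base64
import re

# Characters allowed in an HTTP header field name (the RFC 7230 "token" set).
_NAME_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def basic_credentials(user: str, password: str) -> str:
    """Return the RFC 7617 value: 'Basic ' + base64(user:password)."""
    if ":" in user:
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def cookie_value(pairs: dict) -> str:
    """Join name=value pairs the way a browser sends them in one Cookie header."""
    return "; ".join(f"{name}={value}" for name, value in pairs.items())


def check_header_line(line: str) -> list:
    """Return the problems found in one '<header>: <text>' line (empty if none)."""
    problems = []
    if "\r" in line or "\n" in line:
        problems.append("contains CR/LF; enter one header per line")
    name, sep, value = line.partition(":")
    if not sep:
        return problems + ["missing ':' separator"]
    if not _NAME_RE.fullmatch(name):
        problems.append(f"invalid header name {name!r}")
    value = value.strip()
    if not value:
        problems.append("empty value")
    if name.lower() == "cookie":
        for pair in value.split(";"):
            if "=" not in pair:
                problems.append(f"cookie pair {pair.strip()!r} is not name=value")
    if name.lower() == "authorization" and value.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(value.split(None, 1)[1], validate=True)
            if b":" not in decoded:
                problems.append("Basic credentials lack 'user:password'")
        except ValueError:  # binascii.Error is a subclass of ValueError
            problems.append("Basic credentials are not valid base64")
    return problems
```

Use a dedicated, low-privilege scan account for any credential or session cookie placed in these headers, since the values are stored in the scan configuration.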