Authenticated scanning

How do I use header injections in a web application scan?

There are several reasons to inject headers into a web application scan; the examples below show the most common ones.

Header Injection

Enter header information in the field provided using the format:

<header>: <text>

For example:
Accept: */*
Accept: application/json
Content-Type: application/json
Content-Type: text/plain

Select the header injection you wish to use for your web application. Multiple headers may be entered, one per line.

Example 1

To bypass a complex login form, where mwf_login is the session identifier for the application:

Cookie: mwf_login=OskarID1

Example 2

To bypass a complex login form, where the cookie named "Example" is the session identifier for the application:

Cookie: Example=Example

Example 3

To bypass basic authentication:

Authorization: Basic sL092k3YvLk

When an Authorization header such as the one above is provided, it overrides any authentication record for the scan that has basic authentication defined.
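As an added illustration (not the scanner's own code), the following Python shows how the `<header>: <text>` lines above can be parsed and validated before use, and how a correct Basic credential for the Authorization header is built from a username and password per RFC 7617. The function names and the sample input are assumptions for this example.

```python
import base64
import re

# HTTP header field names are RFC 7230 "tokens": no spaces or separators.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_header_injections(text: str) -> dict[str, str]:
    """Parse '<header>: <text>' lines into a dict of header name -> value.

    The name is everything before the FIRST colon, so values that contain
    colons themselves (a Cookie value, a URL) survive intact. Names are
    case-insensitive in HTTP, so they are canonicalised; a later line with
    the same name overrides an earlier one.
    """
    headers: dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:                      # blank lines are ignored
            continue
        name, sep, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if not sep or not _TOKEN.match(name) or not value:
            raise ValueError(f"line {lineno}: expected '<header>: <text>', got {raw!r}")
        headers[name.title()] = value     # 'Content-type' -> 'Content-Type'
    return headers


def basic_auth_header(username: str, password: str) -> str:
    """Return the value for 'Authorization' using the Basic scheme.

    RFC 7617: scheme is the word 'Basic', followed by base64(user:password).
    """
    if ":" in username:
        raise ValueError("RFC 7617 forbids ':' in the user-id")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


if __name__ == "__main__":
    # Constructed sample input in the scanner's injection format.
    sample = "Accept: */*\nContent-type: application/json\nCookie: mwf_login=OskarID1\n"
    print(parse_header_injections(sample))
    print("Authorization:", basic_auth_header("alice", "s3cret"))
```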