Host Header Inchecktion

This Burp extension helps find host header injection vulnerabilities by actively testing a set of injection types. A scan issue is created if an injection succeeds.

Features

Usage

Run an active scan or manually select a request to check:

  1. Go to the HTTP history.
  2. Right-click on the request you want to check.
  3. Select Extension -> Host Header Inchecktion -> payload type.
  4. If the injection succeeds, a scan issue is generated.

Installation

  1. Download the pre-built jar from the releases page.
  2. In Burp, go to Extender -> Add -> Extension Details -> Select file ...
  3. Select the downloaded jar.

Build

Linux: ./gradlew clean build fatJar

Windows: .\gradlew.bat clean build fatJar

Get the jar from build/libs/host_header_inchecktion-<version>.jar