Question: Am I doing something wrong? /Vhost scanning #781
Comments
|
Hi @bug-bounty-001,
Checking Burp, this is sending requests to different IPs
But when fuzzing to the HTTPs, the IPs are the same as the target.
This will need a deeper analysis, I hope it doesn't affect your tests. |
|
Hi @bsysop,
//It doesn't affect my tests, I was planning to use it on ctf. Thank you for contributing to this great tool. |
|
Lol, nice work! |
|
This is actually a feature from HTTP spec, I have stumbled into this before and I figured out it was stemming from the Go standard library request.go, around line 600 in current version. However upon double checking the related RFCs it was pretty clearly written there.
Now while I might end up working around this in the future, I probably won't, as it's a lot of work for a single niche use case - fuzzing Host - header while using a HTTP proxy. |
Description:
I tried to fuzz host header and send it to same IP address.
I ran 2 different commands to demonstrate, I didn't get expected behaviour from second one. Only difference is http/https.
First one: (this works as expected)
ffuf -w subdomains-top1million-20000.txt -u https://142.250.187.142 -H "HOST: FUZZ.google.com" -H "Custom: just testing my tools" -x http://localhost:8080 -t 1 -rate 1Screenshots from Burp Suite 1:
Second one:
ffuf -w subdomains-top1million-20000.txt -u http://142.250.187.142 -H "HOST: FUZZ.google.com" -H "Custom: just testing my tools" -x http://localhost:8080 -t 1 -rate 1Screenshots from Burp Suite 2:
Problem:
Apparently I can't change host header in http request.
I am probably missing some configuration or flag, can you assist me?
Thank you.
The text was updated successfully, but these errors were encountered: