Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mlcsec/headi

Customisable and automated HTTP header injection
https://github.com/mlcsec/headi

bugbounty golang header-injection

Last synced: about 1 month ago
JSON representation

Customisable and automated HTTP header injection

Awesome Lists containing this project

README

        

# headi
Customisable and automated HTTP header injection. Example run from the HTB machine Control:

`InsecureSkipVerify` is not currently configured, if you want to disable security checks then feel free to uncomment `crypto/tls` in the imports and the `TLSClientConfig: &tls.Config{InsecureSkipVerify: true},` lines in http transport configuration and then build locally.


## Install
```
go install github.com/mlcsec/headi@latest
```

Or from git:
```shell
git clone https://github.com/mlcsec/headi.git
make before.build
make build.headi
sudo mv headi /usr/local/bin
```


## Headers
Injects the following HTTP headers:
* Client-IP
* Connection
* Contact
* Forwarded
* From
* Host
* Origin
* Referer
* True-Client-IP
* X-Client-IP
* X-Custom-IP-Authorization
* X-Forward-For
* X-Forwarded-For
* X-Forwarded-Host
* X-Forwarded-Server
* X-Host
* X-HTTP-Host-Override
* X-Original-URL
* X-Originating-IP
* X-Real-IP
* X-Remote-Addr
* X-Remote-IP
* X-Rewrite-URL
* X-Wap-Profile

An initial baseline request is made to gauge the normal response for the target resource. Green indicates a change in the response and red no change. `[+]` and `[-]` respectively.


## Usage
Two options for HTTP header injection:

1. Default payloads (127.0.0.1, localhost, etc.) are injected into the headers mentioned above
2. Custom payloads can be supplied (e.g. you've enumerated some internal IPs or domains) using the `pfile` parameter

```
$ headi
Usage:
headi -u https://target.com/resource
headi -u https://target.com/resource -p internal_addrs.txt

Options:
-p, --pfile Payload File
-t, --timeout HTTP Timeout
-u, --url Target URL
```
Currently only takes one URL as input but you can easily bash script for numerous URLs like so:
```
$ for i in $(cat urls); do headi -url $i;done
```