Timeline for Exploiting HTTP redirect function via the Host header
Current License: CC BY-SA 3.0
4 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 29, 2017 at 13:38 | comment | added | Steffen Ullrich | @iain: to cite myself: you gain not really anything new by modifying the Host header in the request since as a man in the middle you could already modify the Location header in the response anyway | |
| Jun 29, 2017 at 12:06 | comment | added | Josef | Then you can also trick the user into installing a browser plugin that does far more evil stuff. | |
| Jun 29, 2017 at 11:28 | comment | added | user1880405 | thanks for your insight. I am thinking that one scenario could be to trick user into somehow installing some browser plugin which might change Host header, but likelihood seems extremely low. | |
| Jun 29, 2017 at 11:09 | history | answered | Steffen Ullrich | CC BY-SA 3.0 |