• Stars
    star
    211
  • Rank 186,867 (Top 4 %)
  • Language
    Go
  • Created almost 4 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Customisable and automated HTTP header injection

headi

Customisable and automated HTTP header injection. Example run from the HTB machine Control:

InsecureSkipVerify is not currently configured, if you want to disable security checks then feel free to uncomment crypto/tls in the imports and the TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, lines in http transport configuration and then build locally.


Todo

  • add concurrency option - does run slowly on some sites

Install

go install github.com/mlcsec/headi@latest

Or from git:

git clone https://github.com/mlcsec/headi.git
make before.build
make build.headi
sudo mv headi /usr/local/bin

Headers

Injects the following HTTP headers:

  • Client-IP
  • Connection
  • Contact
  • Forwarded
  • From
  • Host
  • Origin
  • Referer
  • True-Client-IP
  • X-Client-IP
  • X-Custom-IP-Authorization
  • X-Forward-For
  • X-Forwarded-For
  • X-Forwarded-Host
  • X-Forwarded-Server
  • X-Host
  • X-HTTP-Host-Override
  • X-Original-URL
  • X-Originating-IP
  • X-Real-IP
  • X-Remote-Addr
  • X-Remote-IP
  • X-Rewrite-URL
  • X-Wap-Profile

An initial baseline request is made to gauge the normal response for the target resource. Green indicates a change in the response and red no change. [+] and [-] respectively.


Usage

Two options for HTTP header injection:

  1. Default payloads (127.0.0.1, localhost, etc.) are injected into the headers mentioned above
  2. Custom payloads can be supplied (e.g. you've enumerated some internal IPs or domains) using the pfile parameter
$ headi
Usage:
  headi -u https://target.com/resource
  headi -u https://target.com/resource -p internal_addrs.txt

Options:
  -p, --pfile <file>       Payload File
  -t, --timeout <millis>   HTTP Timeout
  -u, --url <url>          Target URL

Currently only takes one URL as input but you can easily bash script for numerous URLs like so:

$ for i in $(cat urls); do headi -url $i;done