how set http header host in Penetration Testing web ?
https://github.com/nodejs/node/issues/20275 // 伪造host攻击测试 function fnDoHostAttack(url,fnCbk) { if(bRunHost)return; bRunHost = true; try{ var nPort = -1 < g_szUrl.indexOf("https")? 443: 80; var uO = urlObj.parse(url), ss = "I.am.M.T.X.T",host = uO.host.split(/:/)[0], port = uO.port || nPort; if(/.*?\/$/g.test(uO.path))uO.path = uO.path.substr(0, uO.path.length - 1); // checkWeblogicT3(host,port); if(program.t3)fnCheckJavaFx([host,port].join(":")); fnSocket(host,port,'POST ' + uO.path + ' HTTP/1.1\r\nHost:' + ss + '\r\nUser-Agent:Mozilla/5.0 (iPhone; CPU iPhone OS 10_2 like ' + szMyName + ') ' + g_szUa + ' MTX/3.0\r\nContent-Type: application/x-www-form-urlencoded' + '\r\n\r\n', function(data) { var d = data && data.toString().trim() || ""; fnParseHttpHd(d,function(o) { var oD = {des:"伪造host攻击测试成功"}; if(o.location && -1 < String(o.location).indexOf(ss)) { g_oRst["host"] = oD; oD.des += ", response返回的location:" + o.location; } var n = d.indexOf(ss); if(-1 < n) { var rg = new RegExp("(<.*?http:\\/\\/" + ss + ".*?>)","gim"); var a = rg.exec(d); if(a) { var o = g_oRst["host"] || oD; o.code = "返回的代码中存在攻击后的代码:" + a[1]; g_oRst["host"] = o; } } }); }); }catch(e){fnLog(e)} } https://github.com/hktalent/myhktools -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com. To post to this group, send email to nodejs@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/6e4682ef-591d-4834-b4ee-ecc270f169e7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
