HTTP Host Headers, Virtual Host, and HTTP Downgrading oh my!
CTF's are a great way to learn, and that is exactly what I have been doing. I have been learning about HTTP Host Header Manipulation, Virtual Hosts, and HTTP downgrading. Let's talk about what I've learned! Virtual Hosts are an ubiquitous and awesome way to have multiple websites assigned to one IP address which includes a unique domain name for each virtual host. The way this is distinguished between is using the Host header. This Host header is like an identifier for the different virtual hosts that belong to one IP. As one might expect, this can be used to bypass otherwise blocked web servers, and hack websites. Our first culprit would be with the classic localhost (or 127.0.0.1). There is a potential that if a web server uses localhost as a way to route their internal web servers then this can be used as a way to access the back end web server, when one shouldn't. It might look something like this: GET /admin HTTP/2.0 Host: Localhost Of course this can be used to a...