Host header injection
I am trying to create POC (Proof of Concept) for header injection vulnerability on a website.
1. Created a server and added folders folder.
2. Added folders under server location.
3. New structure looks like : eg. 192.168.x.x /abcd/path1/path2
4. Intercepted web request in Burp and changed original Host to 192.168.x.x
5. Forwarded and to got redirect response
6. On browser response is not served
Error is shown as "Failed to connect 192.168.x.x
Expected : 200 ok response, since webiste is vulnerable to header injection
browser should display: https://192.168.x.x/abcd/path1/path2
Garry, why do you think the site is vulnerable to Host header injection.
Have you tried using Burp Repeater?