C#•6mo ago

Trying to manipulate the host header in C#

I can do it in python or other languages but I am trying to adopt C# for all my exploit developments. I am writing a PoC for a security bug and it requires me to modify the host header so that it overflows on the server. But it seems there is a maximum limit of 256 characters for host header in HttpClient itself. Here is the snippet:

using(HttpClient client = new HttpClient())
{
    HttpRequestMessage request = new() {
         RequestUri = new Uri($"http://{TARGET}/"),
         Method = HttpMethod.Get,
    };

    request.Headers.Host = new string('a', 3000);
    await client.SendAsync(request);
}

using(HttpClient client = new HttpClient())
{
    HttpRequestMessage request = new() {
         RequestUri = new Uri($"http://{TARGET}/"),
         Method = HttpMethod.Get,
    };

    request.Headers.Host = new string('a', 3000);
    await client.SendAsync(request);
}

This will throw an exception with message The specified value is not a valid 'Host' header string.. Is any way to set host header to very long strings in HttpClient? If not, is there any alternative in C#?

4 Replies

Scratch•6mo ago

are you running this against target hosts that you control or have permission for?

crypto•6mo ago

yes I am testing against my own instance

ffmpeg -i me -f null -•6mo ago

if you are in http you could just open a socket and send some text

crypto•6mo ago

Yes, haha why didn't I think of it. Thanks!

Gaming

Programming

Trying to manipulate the host header in C#