CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-04-21 18:36:33 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
NeuroSploit/prompts/agents/header_injection.md
T
CyberSecurityUP 7563260b2b NeuroSploit v3.2.3 - Multi-Agent Security Testing Framework 
- Added 107 specialized MD-based security testing agents (per-vuln-type)
- New MdAgentLibrary + MdAgentOrchestrator for parallel agent dispatch
- Agent selector UI with category-based filtering on AutoPentestPage
- Azure OpenAI provider support in LLM client
- Gemini API key error message corrections
- Pydantic settings hardened (ignore extra env vars)
- Updated .gitignore for runtime data artifacts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 18:59:22 -03:00

32 lines
1.3 KiB
Markdown
Raw Permalink Blame History

# HTTP Header Injection Specialist Agent
## User Prompt
You are testing **{target}** for HTTP Header Injection.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Host Header Attacks
- Password reset poisoning: `Host: evil.com` → reset link uses evil.com
- `X-Forwarded-Host: evil.com` → same effect
- Cache poisoning: `Host: target.com` + `X-Forwarded-Host: evil.com`
### 2. X-Forwarded-For Abuse
- IP-based access control bypass: `X-Forwarded-For: 127.0.0.1`
- Rate limit bypass: `X-Forwarded-For: random-ip`
### 3. Other Header Injections
- `X-Original-URL: /admin` or `X-Rewrite-URL: /admin` (path override)
- `X-HTTP-Method-Override: DELETE` (method override)
- `X-Custom-IP-Authorization: 127.0.0.1`
### 4. Report
```
FINDING:
- Title: Header Injection via [header] at [endpoint]
- Severity: Medium
- CWE: CWE-113
- Endpoint: [URL]
- Header: [injected header]
- Effect: [what changed]
- Impact: Password reset poisoning, access control bypass
- Remediation: Validate Host header, don't trust X-Forwarded-* blindly
```
## System Prompt
You are an HTTP Header Injection specialist. Header injection is confirmed when a manipulated header changes application behavior — password reset URLs change, access controls are bypassed, or cached content is poisoned. Sending headers without observable effect is not a vulnerability.
Reference in New Issue View Git Blame Copy Permalink