> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# HTTP Host Header Attacks

> Cross-platform resources for HTTP Host Header Attacks: curated HTB machines, PortSwigger labs and TryHackMe rooms with validated writeups and related skills.

# HTTP Host Header Attacks

This page aggregates **cross-platform resources to practice HTTP Host Header Attacks**: retired Hack The Box machines, PortSwigger Web Security Academy labs and TryHackMe rooms, plus curated resources (HackTricks, PortSwigger, etc.) and related skills.

## Curated resources

| Source      | Link                                                                                                 |
| ----------- | ---------------------------------------------------------------------------------------------------- |
| PortSwigger | [https://portswigger.net/web-security/host-header](https://portswigger.net/web-security/host-header) |

## PortSwigger labs practicing HTTP Host Header Attacks (5)

| Lab                                                                                                                                                              | Difficulty                                                 | Topic                    | Official                                                                                                                               |
| ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------- |
| [Host header authentication bypass](/en/portswigger/labs/host-header/exploiting-host-header-authentication-bypass)                                               | <span className="dbadge dbadge-easy">APPRENTICE</span>     | HTTP Host Header Attacks | [Open](https://portswigger.net/web-security/host-header/exploiting/lab-host-header-authentication-bypass)                              |
| [Host validation bypass via connection state attack](/en/portswigger/labs/host-header/exploiting-host-header-host-validation-bypass-via-connection-state-attack) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Host Header Attacks | [Open](https://portswigger.net/web-security/host-header/exploiting/lab-host-header-host-validation-bypass-via-connection-state-attack) |
| [Routing-based SSRF](/en/portswigger/labs/host-header/exploiting-host-header-routing-based-ssrf)                                                                 | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Host Header Attacks | [Open](https://portswigger.net/web-security/host-header/exploiting/lab-host-header-routing-based-ssrf)                                 |
| [SSRF via flawed request parsing](/en/portswigger/labs/host-header/exploiting-host-header-ssrf-via-flawed-request-parsing)                                       | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Host Header Attacks | [Open](https://portswigger.net/web-security/host-header/exploiting/lab-host-header-ssrf-via-flawed-request-parsing)                    |
| [Web cache poisoning via ambiguous requests](/en/portswigger/labs/host-header/exploiting-host-header-web-cache-poisoning-via-ambiguous-requests)                 | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Host Header Attacks | [Open](https://portswigger.net/web-security/host-header/exploiting/lab-host-header-web-cache-poisoning-via-ambiguous-requests)         |

***

← [Back to the full glossary](/en/glossary)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"HTTP Host Header Attacks","termCode":"host-header-attacks","inLanguage":"en","url":"https://rootea.es/en/skills/host-header-attacks","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Tactical pentesting glossary","url":"https://rootea.es/en/glossary"}}`}
</script>

*Last updated: 2026-05-08*
