hacktricks/pentesting/pentesting-web/special-http-headers.md

# Special HTTP headers

## Headers to Change Location

Rewrite **IP source**:

* `X-Originating-IP: 127.0.0.1` 
* `X-Forwarded-For: 127.0.0.1` 
* `X-Remote-IP: 127.0.0.1` 
* `X-Remote-Addr: 127.0.0.1`
* `X-ProxyUser-Ip: 127.0.0.1`
* `X-Original-URL: 127.0.0.1`
* `Connection: close, X-Forwarded-For` \(Check hop-by-hop headers\)

Rewrite **location**:

* `X-Original-URL: /admin/console`
* `X-Rewrite-URL: /admin/console`

## Hop-by-Hop headers

A hop-by-hop header is a header which is designed to be processed and consumed by the proxy currently handling the request, as opposed to an end-to-end header.

* `Connection: close, X-Forwarded-For`

{% page-ref page="../../pentesting-web/abusing-hop-by-hop-headers.md" %}

## HTTP Request Smuggling

* `Content-Length: 30`
* `Transfer-Encoding: chunked`

{% page-ref page="../../pentesting-web/http-request-smuggling.md" %}
GitBook: [master] 3 pages modified 2021-09-19 15:19:00 +00:00			`# Special HTTP headers`

			`## Headers to Change Location`

			`Rewrite IP source:`

			* `X-Originating-IP: 127.0.0.1`
			* `X-Forwarded-For: 127.0.0.1`
			* `X-Remote-IP: 127.0.0.1`
			* `X-Remote-Addr: 127.0.0.1`
			* `X-ProxyUser-Ip: 127.0.0.1`
			* `X-Original-URL: 127.0.0.1`
			* `Connection: close, X-Forwarded-For` \(Check hop-by-hop headers\)

			`Rewrite location:`

			* `X-Original-URL: /admin/console`
			* `X-Rewrite-URL: /admin/console`

			`## Hop-by-Hop headers`

			`A hop-by-hop header is a header which is designed to be processed and consumed by the proxy currently handling the request, as opposed to an end-to-end header.`

			* `Connection: close, X-Forwarded-For`

			`{% page-ref page="../../pentesting-web/abusing-hop-by-hop-headers.md" %}`

			`## HTTP Request Smuggling`

			* `Content-Length: 30`
			* `Transfer-Encoding: chunked`

			`{% page-ref page="../../pentesting-web/http-request-smuggling.md" %}`