Covers the full playbook for exploiting applications that trust the Host header for URL generation, routing, or access control. The classic attack is password reset poisoning, where you inject your domain in the Host header and the victim's reset token gets sent to you, but this also walks through cache poisoning, SSRF via routing, and virtual host discovery. What's useful here is the bypass catalog for cases where Host validation exists: double Host headers, X-Forwarded-Host overrides, absolute URIs in the request line, and parser differentials with trailing dots or @ symbols. Includes framework-specific behaviors for PHP, Django, Rails, and Node that base models typically miss. If you're testing anything that generates links in emails or uses Host for backend routing, this gives you the complete enumeration checklist.
npx skills add https://github.com/yaklang/hack-skills --skill http-host-header-attacks
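
A defensive counterpart to the bypass catalog described above, added here as an example and not taken from the skill or its repository: a strict Host check that rejects each listed trick before the value is used for link generation or routing. The allowlist, the function name `canonical_host` and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.test"}        # constructed allowlist (assumption)
OVERRIDE_HEADERS = {"x-forwarded-host"}     # extend with whatever your stack honours
# Strict hostname with optional port: no '@', no trailing dot, no whitespace.
LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*(?::\d{{1,5}})?")

def canonical_host(request_target, headers, allowed=ALLOWED_HOSTS, trusted_proxy=False):
    """Return (host, None) if safe to use for URL generation, else (None, reason).

    headers is the raw list of (name, value) pairs, so duplicates stay visible.
    """
    hosts = [v for k, v in headers if k.lower() == "host"]
    if len(hosts) != 1:
        return None, "missing or duplicate Host header"
    # Override headers are only tolerated from a trusted proxy; the Host
    # header itself is still what gets validated and returned.
    if not trusted_proxy and any(k.lower() in OVERRIDE_HEADERS for k, _ in headers):
        return None, "override header from untrusted peer"
    host = hosts[0].strip(" \t").lower()
    if not HOST_RE.fullmatch(host):
        return None, "malformed Host value"
    # Absolute-URI request line: its authority must agree with Host, otherwise
    # front end and back end may each pick a different one.
    if request_target.lower().startswith(("http://", "https://")):
        if urlsplit(request_target).netloc.lower() != host:
            return None, "absolute-URI authority differs from Host"
    name = host.rsplit(":", 1)[0]
    if name not in allowed:
        return None, "host not in allowlist"
    return name, None

# Constructed sample requests, one per item in the bypass list.
SAMPLES = [
    ("/reset", [("Host", "app.example.test")]),
    ("/reset", [("Host", "app.example.test"), ("Host", "attacker.test")]),
    ("/reset", [("Host", "app.example.test"), ("X-Forwarded-Host", "attacker.test")]),
    ("http://attacker.test/reset", [("Host", "app.example.test")]),
    ("/reset", [("Host", "app.example.test.")]),
    ("/reset", [("Host", "app.example.test@attacker.test")]),
]

if __name__ == "__main__":
    for target, hdrs in SAMPLES:
        print(target, hdrs, "->", canonical_host(target, hdrs))
```

Generate reset links and other absolute URLs from the returned name (or a configured base URL), never from the raw header value.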