Virtual Hosts

Table of Contents

• What is Virtual Hosts
  modify /etc/hosts to access a virtual host without a DNS record
• Types of Virtual Hosting
  Name-based; IP-based; Port-based
• VHost Fuzzing
  gobuster; Feroxbuster; fuff

What is Virtual Hosts

Virtual hosts is multiple applications sharing the same IP on the same server.

HTTP Host header helps ths server distinguish which request belongs to which host.

If a virtual host does not have a DNS record, you can still access it by modifying /etc/hosts to bypass DNS resolytion

for example, 10.129.243.184. If want to access dev.inlanefreight.local, /etc/hosts -> 10.129.243.184 dev.inlanefreight.local. If want to access app.inlanefreight.local -> 10.129.243.184 app.inlanefreight.local

Types of Virtual Hosting

1. Name-based: solely relies on HTTP header to distinguish between websites; cost-effective but might have limitations with SSL/TLS
2. IP-based: assings a unique IP to each website; better isolation; require multiple IPs so expensive and not scalable
3. Port-based: different ports for different websites; less common; might need user to specify port number in url

VHost Fuzzing

used to discover public and non-public subdomains and VHosts by testing various hostnames against a known IP address

Gobuster

gobuster vhost -u http://inlanefreight.htb:81 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain

• -u target url
• -w wordlist file
• --append-domain flag appends the base domain to each word in the wordlist
• -t increase the number of threads
• -k ignore SSL/TLS certificate errors
• -o save an output file