
[fix] #659 : Add Host Header Manipulation Test #37

Merged
merged 1 commit into from
Nov 1, 2023

Conversation

adarsh-jha-dev

Description

Closes #659

This pull request addresses Issue #659, which involves the addition of a new security test for Host Header Manipulation. The test checks whether an attacker can create or update an entity using this method, and it focuses on specific requirements:

🎯 Requirements:

  • Filters: Applicable to APIs with GET query parameters or JSON body parameters.

  • Execution: The test adds or replaces values in HTTP headers:

    • Host: localhost (replaces the Host header if it exists, or adds it as a new header).
    • Host: 127.0.0.1 (replaces the Host header if it exists, or adds it as a new header).
    • X-Forwarded-For: evil-website.com
    • X-Forwarded-Host: evil-website.com
    • X-Client-IP: evil-website.com
    • X-Remote-IP: evil-website.com
    • X-Remote-Addr: evil-website.com
    • X-Host: evil-website.com
  • Validation: If the application responds with an exception trace or error response strings, it is considered a vulnerability.

The new test is structured and designed to verify security against Host Header Manipulation in various scenarios. It aligns with the objectives of Issue #659.

Please review this PR and provide feedback or merge it as appropriate.
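The procedure the description lays out (applicability filter, header add-or-replace mutations, error-string validation) written out as an added Python example. This is not code from this PR or from Akto's own test engine: the `Request` model, the `fake_send` stand-in target and the `ERROR_MARKERS` patterns are assumptions (the PR lists the header values it injects but not the exact error strings it matches).

```python
import re
from dataclasses import dataclass, replace

# Header values taken from the PR description: two Host variants, six proxy headers.
HOST_VALUES = ["localhost", "127.0.0.1"]
PROXY_HEADERS = {
    "X-Forwarded-For": "evil-website.com",
    "X-Forwarded-Host": "evil-website.com",
    "X-Client-IP": "evil-website.com",
    "X-Remote-IP": "evil-website.com",
    "X-Remote-Addr": "evil-website.com",
    "X-Host": "evil-website.com",
}

# Assumed markers for "exception trace or error response strings"; illustrative only.
ERROR_MARKERS = [
    re.compile(r"Traceback \(most recent call last\)"),                 # Python trace
    re.compile(r"\b\w+(?:\.\w+)*(?:Exception|Error)\b:.*\n\s+at "),     # Java-style trace
    re.compile(r"Internal Server Error", re.IGNORECASE),
]


@dataclass
class Request:
    """Minimal HTTP request model (assumed for this example)."""
    method: str
    url: str
    headers: dict
    body: str = ""


def set_header(headers, name, value):
    """Replace a header matched case-insensitively, or add it if absent."""
    kept = {k: v for k, v in headers.items() if k.lower() != name.lower()}
    kept[name] = value
    return kept


def is_applicable(req):
    """PR filter: GET with query parameters, or a JSON body."""
    query = req.url.partition("?")[2]
    has_query = req.method.upper() == "GET" and "=" in query
    ctype = next((v for k, v in req.headers.items() if k.lower() == "content-type"), "")
    has_json = "json" in ctype.lower() and req.body.lstrip().startswith(("{", "["))
    return has_query or has_json


def mutations(req):
    """Return (label, mutated request) pairs, one per injected header value."""
    out = []
    for v in HOST_VALUES:
        out.append((f"Host: {v}", replace(req, headers=set_header(req.headers, "Host", v))))
    for name, v in PROXY_HEADERS.items():
        out.append((f"{name}: {v}", replace(req, headers=set_header(req.headers, name, v))))
    return out


def looks_like_error(status, body):
    """PR validation rule: an exception trace or error string in the response."""
    return any(p.search(body) for p in ERROR_MARKERS)


def scan(req, send):
    """Send every mutation through `send` (returns (status, body)) and report
    the labels whose response looks like an error."""
    if not is_applicable(req):
        return []
    return [label for label, r in mutations(req) if looks_like_error(*send(r))]


# Constructed stand-in for a target so the example runs offline: it leaks a
# Java stack trace only when the Host header is rewritten to "localhost".
def fake_send(req):
    host = next((v for k, v in req.headers.items() if k.lower() == "host"), "")
    if host == "localhost":
        return 500, ("java.lang.IllegalStateException: unexpected Host\n"
                     "\tat com.example.Router.route(Router.java:42)\n")
    return 200, '{"ok": true}'


# Constructed sample request; note the lower-case "host" key to exercise
# case-insensitive replacement.
SAMPLE = Request("GET", "https://api.example.com/users?id=7",
                 {"host": "api.example.com", "Accept": "application/json"})

if __name__ == "__main__":
    print(scan(SAMPLE, fake_send))
```

An error string is a weak oracle: a 500 page can have nothing to do with the injected header. Before reporting a finding as exploitable, confirm that the injected value is actually consumed, for example by checking whether `evil-website.com` is reflected in a generated link or redirect in the response.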

@adarsh-jha-dev (Author)

I request any of the maintainers to please have a look at this PR and merge it if found relevant.

@ankush-jain-akto ankush-jain-akto changed the base branch from master to hacktoberfest November 1, 2023 03:16
@ankush-jain-akto ankush-jain-akto merged commit 91f3716 into akto-api-security:hacktoberfest Nov 1, 2023

adarsh-jha-dev commented Nov 1, 2023

Thanks a lot @ankush-jain-akto , will this PR count towards my hacktoberfest swags/prizes?

Successfully merging this pull request may close these issues.

⛏️ Write a test to check whether we can create/update an object with Host Header Manipulation