[node js] How to set the HTTP Host header in web penetration testing?


x.x.x.t.a....@gmail.com

Apr 26, 2018, 10:30:47 AM4/26/18
to nodejs

How do I set the HTTP Host header when penetration testing a web application?

https://github.com/nodejs/node/issues/20275


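// Forged Host header test
/**
 * Sends one request whose Host header is a fixed marker value instead of the
 * target's real name, then looks for that marker in the response.
 *
 * A marker that comes back in the Location header or inside markup means the
 * application builds URLs from the client-supplied Host header. The usual
 * remediation is to validate Host against an allow-list of expected names, or
 * to build absolute URLs from a configured canonical name.
 *
 * The shared flag bRunHost is set on first entry and never cleared here, so
 * later calls return immediately. Findings are stored in g_oRst["host"] as an
 * object with `des` (Location reflection) and/or `code` (markup reflection).
 *
 * @param {string} url - Target URL; host, port and path are taken from it.
 * @param {Function} fnCbk - Accepted for interface compatibility; not invoked here.
 */
function fnDoHostAttack(url, fnCbk) {
  if (bRunHost) return;
  bRunHost = true;
  try {
    // NOTE(review): the default port is derived from the global g_szUrl, not
    // from `url` - confirm the two always refer to the same target.
    var nPort = -1 < g_szUrl.indexOf("https") ? 443 : 80;
    var uO = urlObj.parse(url),
      ss = "I.am.M.T.X.T", // marker sent as the Host value and searched for in the reply
      host = uO.host.split(/:/)[0],
      port = uO.port || nPort;

    // Drop one trailing slash, but keep a bare "/" so the request line always
    // carries a request target.
    if (1 < uO.path.length && /\/$/.test(uO.path)) uO.path = uO.path.substr(0, uO.path.length - 1);

    // checkWeblogicT3(host,port);
    if (program.t3) fnCheckJavaFx([host, port].join(":"));

    fnSocket(
      host,
      port,
      'POST ' + uO.path + ' HTTP/1.1\r\nHost:' +
        ss + '\r\nUser-Agent:Mozilla/5.0 (iPhone; CPU iPhone OS 10_2 like ' +
        szMyName +
        ') ' + g_szUa + ' MTX/3.0\r\nContent-Type: application/x-www-form-urlencoded' +
        '\r\n\r\n',
      function (data) {
        var d = (data && data.toString().trim()) || "";
        fnParseHttpHd(d, function (oHd) {
          // des text: "forged Host header test succeeded"
          var oD = { des: "伪造host攻击测试成功" };

          // Reflection in a redirect target: the server echoed the marker into Location.
          if (oHd && oHd.location && -1 < String(oHd.location).indexOf(ss)) {
            g_oRst["host"] = oD;
            oD.des += ", response返回的location:" + oHd.location;
          }

          // Reflection in markup: the marker appears as an http:// URL inside a tag.
          if (-1 < d.indexOf(ss)) {
            // Escape the marker so its dots match literally; unescaped they act
            // as wildcards and can report a tag that never contained the marker.
            var szMarker = ss.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
            var rg = new RegExp("(<.*?http:\\/\\/" + szMarker + ".*?>)", "gim");
            var a = rg.exec(d);
            if (a) {
              // Kept separate from the parsed-header object so neither clobbers the other.
              var oRst = g_oRst["host"] || oD;
              // a[1] is raw response markup; escape it if the result is ever rendered as HTML.
              oRst.code = "返回的代码中存在攻击后的代码:" + a[1];
              g_oRst["host"] = oRst;
            }
          }
        });
      }
    );
  } catch (e) {
    fnLog(e);
  }
}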

https://github.com/hktalent/myhktools

