What is buggable host?


An SNI buggable host is a web server that is vulnerable to a security flaw known as the Server Name Indication (SNI) downgrade attack. This attack allows an attacker to force a web server to connect to a different domain name than the one that was requested by the client. The bug allows an attacker to send a specially crafted HTTP request that can trick the web server into connecting to a different domain name. Which means if you have the unlimited access to one site like social media,

Eg; www.examplesocialmedia.com

And but you don’t have any of data balance and money on your sim, using this method can trick your SNI to connect different websites like https://thaript.com which never allow you to browse without really having the data.




To get a better success rate from this method, firstly you need to have a sim card without any of the data balance. And you need to activate an unlimited social media or limited to one website data plan. So with that, we can use that host to avoid restrictions of SNI providers and connect or download anything from any website using an advance VPN settings of VPN apps like HTTP Injector.


1st and easy method of finding a bug host.

Follow this video. No need to have an additional guide its very easy.

2nd method – Advance



  • Step 1 – Activate an unlimited social media data plan like social media, gaming or educational on a sim card which doesn’t have any data or money balances.
  • Step 2 – Download PCAPdroid app from play store.
  • Step 3 – Open and allow for all the permissions.
  • Step 4 – Select the app that you need to capture the host. Close it if it’s running already in the background. And reopen.
  • Step 5 – Now click ready or play button on PCAPdroid and allow for VPN permissions. Browse the selected application.
  • Step 6 – Then you will be able to find the all-host addresses which captured by the VPN capture.



Advanced host capturing method – This will work if 2nd option doesn’t support to capture any host



Follow this video.





  • Step 1 – Download the file.
  • Step 2 – extract and install the app. But DON’T open it.
  • Step 3 – Goto setting of your phone and find security settings. Then open security and credential settings and goto install certificate option.
  • Step 4 – Click on it and enter your password. Then find the file extracted location and select the permissions file (litte poxy.pem) to install it.
  • Step 5 – Open the application and allow for all permissions.
  • Step 6 – Click play button to start capturing and browse the
    application what you need to capture the live host.

How to connect the captured buggable host?


  • Open HTTP Injector (You can download it through Play Store)
  • Select a saver from the left side menu.
  • Enter the host captured by above application
  • Try to connect
  • This method only works perfectly when following bellow steps
  1. You must have a sim which activated an unlimited social media data package
  2. Zero data and money balance
  3. Follow above mentioned host finding methods
  4. Enter different bug hosts of same
    website which captured by above apps
    • Example.com
    • Example-1.com
    • Web.example.com
    • M.example.com







Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Pawan Tharindu Attygalle

Pawan Tharindu Attygalle

Youtuber & Web Developer

Ads Blocker Image Powered by Code Help Pro

Ad Blocker Web Browser/ Extensions Detected!!!

We have detected that you are using some extensions to block ads. Please support our website by disabling these ad blockers.

EN »

Virtual Tech world


error: Content is protected !!