Trying to get an absolute in-depth understanding of each major vulnerability type; this has helped with my smuggling step
@pentestical 4 years ago
Exactly what I need. Impressive stuff!
@tanercoder1915 4 years ago
mind blown! felt sorry for sysadmins for the consequences of his very last attack in this presentation. highly impactful attack indeed.
@chasejensen88 2 years ago
Wem
@tanercoder1915 2 years ago
@chasejensen88 one year later )
@domaincontroller 4 years ago
01:10 interest low stack system/integration/protocol bugs
01:27 agenda
02:04 quick introduction, CL.TE / TE.CL
"HTTP Desync Attacks: Smashing into the Cell Next Door", James Kettle, kzbin.info/www/bejne/rV7Ie4Bohchjgas
watchfire paper, 2005 shorturl.at/cfstN
===== CL.TE Desync Attack =====
03:21 CL.TE which is the front-end.back-end
03:35 the front-end will interpret a web request using its content-type header and the back-end will interpret the same request using the transfer-encoded header
03:51 here we have an attacker, post request, T.E header is malformed
04:18 Back-end ignores the content-length
===== TE.CL Desync Attack =====
05:58 [...]
08:14 testing for request smuggling
08:37 github.com/defparam/smuggler
09:58 Impact radius of request smuggling
10:14 Open Desync, the most dangerous of the three
10:28 IP Desync
10:51 Self Desync, VPN, VPS
===== Practical Attack =====
11:20 Recon stories
@ShailuSharma-y3k 6 months ago
The stuff is really great. Thanks a lot !!
@ibrahime316 3 years ago
Is there a GitHub page for the test server? I wanna test myself
@m.waheedanwar7105 4 years ago
Thank you for sharing. One of the great teaching classes I ever had.
@thebest152 3 years ago
Hi Nahamsec, Can you share the lab so I can practice?
@1772prem 4 years ago
Cool PoC, Great session on HTTP smuggling attack.
@thedarkarmy8713 a year ago
Does HTTP request smuggling just work on the POST method, or also on GET? I have heard it just works on the POST method.
@nowonder9466 4 years ago
I needed this.
@rahulmyakala9816 4 years ago
Hello sir. I have a question I couldn't find how to do that. There are 15 numbers from 1-15. It can generate any number randomly. How can we identify which number is being generated?
@dwilliams877 4 years ago
This was fascinating!
@jondo-vh8tx 8 months ago
14:40 the takeaway, I love it. I was in talks with a pretty big sec tech company. One of their guys tried to act like a wise guy: there is no risk with a robots.txt. ok sure kiddo.
@hdphoenix29 4 years ago
Amazing stuff ! thanks a lot
@lancemarchetti8673 2 years ago
This was trooly amayzing
@testing7468 2 years ago
The last one was mind blowing
@Andrei-ds8qv a year ago
Thank you
@khammama2974 4 years ago
18:48 recon story #2 is about api.zomato.com 🕵️ got a bounty of 15k USD
@hydroflows 4 years ago
seeing the view count gives me the warm n fuzzies cus i know im super early to the party you ladies and gents are super rad and i couldnt be more excited to start hunting
@hidayatbachtar 3 years ago
How does the attacker poison the HTTP, but the victim accesses on HTTPS? Can it still work or not? If it works, how?
@omarataallah9451 2 years ago
In this vulnerability, there is no key difference between HTTP and HTTPS, but the thing you must look for is the HTTP version; if it's HTTP/2.0 then you have to try other ways to exploit it by downgrading the HTTP version to 1
@hidayatbachtar 2 years ago
@omarataallah9451 ouh, that's about the HTTP version, not HTTP / HTTPS? Am I right?