YoVDO

Response Smuggling - Pwning HTTP/1.1 Connections

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses
Reverse Engineering Courses
Web Security Courses

Course Description

Overview

Explore advanced HTTP response smuggling techniques in this 55-minute conference talk from Hack In The Box Security Conference. Delve into a new approach focusing on response pipeline desynchronization, an unexplored attack vector in HTTP Smuggling. Discover a Desync variant exploiting a vulnerability in the HTTP protocol itself, reported under Google's Vulnerability Reward Program. Learn how to inject multiple messages at the backend server, hijack user sessions, and increase attack reliability. Examine the novel Response Scripting technique for creating custom malicious outbound messages using static responses. Watch a live demonstration showcasing how to gain control over two major ERP systems. Gain insights from security researcher Martin Doyhenard's expertise in Web security and reverse engineering, including his work on SAP and Oracle products.

Syllabus

Introduction
Agenda
What is Response Smuggling
Connection Headers
Exploits
Request Smuggling
Desynchronization
Synchronization Attack
Synchronization Attack Example
Demo
Cache Control Demo
In Real Systems
Video Demo
New Response
Conclusions
Questions


Taught by

Hack In The Box Security Conference

Related Courses

Internet History, Technology, and Security - University of Michigan via Coursera
Client-Server Communication - Google via Udacity
HTTP & Web Servers - Udacity
Network Security - Georgia Institute of Technology via Udacity
Web Security Fundamentals - KU Leuven University via edX