YoVDO

HTTP Desync Attacks - Request Smuggling Reborn

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Bug Bounty Courses Server-Side Request Smuggling (SSRS) Courses Exploit Development Courses Cache Poisoning Courses HTTP Request Smuggling Courses

Course Description

Overview

Explore HTTP desync attacks and request smuggling techniques in this Black Hat conference talk. Delve into methods for breaking HTTP request isolation, allowing remote attackers to manipulate web infrastructure. Learn about exploiting keep-alive connections, chunked encoding, and TE.CL approaches to desynchronize requests. Discover methodologies for detecting and confirming desyncs, bypassing security rules and rewrites, and leveraging request reflection. Examine advanced topics such as involuntary request storage, cache poisoning, and chaining DOM vulnerabilities. Gain insights into defensive strategies and explore a case study on Application Load Balancer vulnerabilities. Presented by James Kettle, this 48-minute session covers both offensive and defensive aspects of HTTP desync attacks, including real-world examples and bug bounty successes.

Syllabus

Intro
Outline
HTTP/1.1 keep-alive, desynchronized
Desynchronizing: the classic approach
Desynchronizing: the chunked approach
Desynchronizing: the TE.CL approach
Methodology
Detecting desync
Confirming desync
Bypassing rules
Bypassing rewrites
Request reflection
Exploring
Involuntary request storage
Harmful responses
Accidental Cache Poisoning
Chaining DOM Problems
Redirects with teeth
Web Cache Poisoning
PayPal Poisoning
Wrapped exploits
Aggressive detection
Source code review
Other sources
Defence
Case Study: Application Load Balancer BHEU EXCLUSIVE


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube