Request Smuggling 101
Offered By: NorthSec via YouTube
Course Description
Overview
Explore the intricacies of HTTP Request Smuggling (HRS) in this comprehensive conference talk from NorthSec 2021. Delve into the latest research on this attack vector, which exploits inconsistencies in HTTP request parsing between proxy components and web backend systems. Learn how attackers can manipulate these differences to execute various malicious activities, including cache poisoning, credential hijacking, URL filtering bypass, open-redirect, and persistent XSS. Examine common risks associated with HRS and discover a range of payload variations through detailed explanations and a live attack demonstration. Gain insights into the crucial role of load balancers and proxies in website performance, and understand how their diverse HTTP protocol parsers can be vulnerable to exploitation. Acquire practical knowledge on detecting faulty configurations using automated tools, empowering developers and system administrators to effectively mitigate request smuggling vulnerabilities. By the end of this 34-minute presentation, security enthusiasts of all levels will have a solid foundation in combating this evolving threat that has significantly progressed over the past 15 years.
Syllabus
NSEC2021 - Philippe Arteau - Request Smuggling 101
Taught by
NorthSec
Related Courses
HTTP Request Smuggling in 2020 - New Variants, New Defenses and New ChallengesBlack Hat via YouTube HTTP Desync Attacks - Request Smuggling Reborn
Black Hat via YouTube Ekoparty #UniTalks Colombia - HTTP Request Smuggling
Ekoparty Security Conference via YouTube Practical Attacks Using HTTP Request Smuggling
NahamSec via YouTube Browser-Powered Desync Attacks - A New Frontier in HTTP Request Smuggling
Black Hat via YouTube