Host of Troubles - Multiple Host Ambiguities in HTTP Implementations

Host of Troubles - Multiple Host Ambiguities in HTTP Implementations

ACM CCS via YouTube Direct link

Multiparty interactions in current Internet

2 of 24

2 of 24

Multiparty interactions in current Internet

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Host of Troubles - Multiple Host Ambiguities in HTTP Implementations

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Multiparty interactions in current Internet
  3. 3 Previous works about ambiguity
  4. 4 How HTTP requests are processed
  5. 5 Host - A critical HTTP field
  6. 6 Technique 1: Multiple Host header
  7. 7 How do implementations handle requests with multiple Host header?
  8. 8 How implementations handle requests with space-surrounded Host Header?
  9. 9 Absolute-URI as request-target
  10. 10 How do different implementations handle absolute-URI?
  11. 11 Attacks exploiting host ambiguity
  12. 12 Cache poisoning Co- hosting website
  13. 13 Cache poisoning Co-CDN website
  14. 14 Cache poisoning any HTTP website CVE-2016-4553
  15. 15 Firewall bypass
  16. 16 WAF bypass
  17. 17 How Prevalent are Upstream/Downstream vulnerabilities?
  18. 18 Outline
  19. 19 Measurement set up
  20. 20 Execution of test cases
  21. 21 Measurement results
  22. 22 Mitigation
  23. 23 A test in my phone's network
  24. 24 Discussion

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.