HTTP/2 - The Sequel is Always Worse

HTTP/2 - The Sequel is Always Worse

Black Hat via YouTube Direct link

H2.TE Desync: URL token hijack

4 of 20

4 of 20

H2.TE Desync: URL token hijack

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

HTTP/2 - The Sequel is Always Worse

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Outline
  3. 3 Request Smuggling via HTTP/2 downgrades
  4. 4 H2.TE Desync: URL token hijack
  5. 5 H2.TE Desync: Header hijack
  6. 6 H2.X via Request Splitting - Resp Queue Poisoning
  7. 7 H2.TE via request line injection
  8. 8 Possible attacks
  9. 9 No connection reuse
  10. 10 Tunnelling confirmation
  11. 11 Tunnel-vision Problem: Front-end reads Scontent-length bytes from back-end
  12. 12 Leaking internal headers via tunnelling
  13. 13 Cache poisoning via tunnelling
  14. 14 Ambiguous HTTP/2 requests
  15. 15 URL prefix injection
  16. 16 Header name splitting
  17. 17 The tooling situation Existing tooling does not work
  18. 18 Defence
  19. 19 References & further reading
  20. 20 Takeaways

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.