HTTP/2 - The Sequel is Always Worse

Black Hat via YouTube

Cache poisoning via tunnelling

13 of 20

Classroom Contents

  1. Intro
  2. Outline
  3. Request Smuggling via HTTP/2 downgrades
  4. H2.TE Desync: URL token hijack
  5. H2.TE Desync: Header hijack
  6. H2.X via Request Splitting - Resp Queue Poisoning
  7. H2.TE via request line injection
  8. Possible attacks
  9. No connection reuse
  10. Tunnelling confirmation
  11. Tunnel-vision Problem: Front-end reads $content-length bytes from back-end
  12. Leaking internal headers via tunnelling
  13. Cache poisoning via tunnelling
  14. Ambiguous HTTP/2 requests
  15. URL prefix injection
  16. Header name splitting
  17. The tooling situation: Existing tooling does not work
  18. Defence
  19. References & further reading
  20. Takeaways
