HTTP Request Smuggling in 2020 - New Variants, New Defenses and New Challenges

Black Hat via YouTube

Different interpretations of the TCP stream

3 of 28

Classroom Contents

  1. Intro
  2. What is HTTP Request Smuggling?
  3. Different interpretations of the TCP stream
  4. A Short History
  5. Is HTTP request Smuggling Still a Thing?
  6. "Header SP/CR junk"
  7. "Wait for it"
  8. HTTP/1.2 to bypass CRS
  9. Variant 3 (contd.)
  10. A Plain Solution
  11. CR Header
  12. Overriding existing cache items
  13. Flawed Approach #1
  14. mod_security + CRS?
  15. A different concept
  16. A More Robust Approach
  17. Design goals
  18. Function Hooking
  19. Socket Abstraction Layer (SAL)
  20. SAL - What to Hook? (Windows)
  21. SAL - What to Hook (Linux 64bit)
  22. Challenges and Lessons Learned
  23. Request Smuggling Firewall (RSFW)
  24. New Research Challenges
  25. CR in a header name is a hyphen
  26. "Signed" Content-Length
  27. Content-Length value with SP
  28. Chunky Monkey Business
