Completed
Is HTTP request Smuggling Still a Thing?
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
HTTP Request Smuggling in 2020 - New Variants, New Defenses and New Challenges
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 What is HTTP Request Smuggling?
- 3 Different interpretations of the TCP stream
- 4 A Short History
- 5 Is HTTP request Smuggling Still a Thing?
- 6 "Header SP/CR junk"
- 7 "Wait for it"
- 8 HTTP/1.2 to bypass CRS
- 9 Variant 3 (contd.)
- 10 A Plain Solution
- 11 CR Header
- 12 Overriding existing cache items
- 13 Flawed Approach #1
- 14 mod_security + CRS?
- 15 A different concept
- 16 A More Robust Approach
- 17 Design goals
- 18 Function Hooking
- 19 Socket Abstraction Layer (SAL)
- 20 SAL - What to Hook? (Windows)
- 21 SAL - What to Hook (Linux 64bit)
- 22 Challenges and Lessons Learned
- 23 Request Smuggling Firewall (RSFW)
- 24 New Research Challenges
- 25 CR in a header name is a hyphen
- 26 "Signed"Content-Length
- 27 Content-Length value with SP
- 28 Chunky Monkey Business