Classroom Contents
Practical HTTP Header Smuggling - Sneaking Past Reverse Proxies to Attack AWS and Beyond
- 1 Intro
- 2 Outline
- 3 Web Application Architecture
- 4 What is Header Smuggling?
- 5 Mutation examples: Identity
- 6 Mutation examples: Space before colon
- 7 Mutation examples: Header name junk
- 8 Methodology Aims
- 9 Methodology Example
- 10 Generate a Back-End Error
- 11 Base Request Comparison: A valid value in the mutated header produces the same result
- 12 Error Comparison
- 13 Guess Headers
- 14 AWS Cognito Partial Rate Limit Bypass
- 15 Cache Poisoning With API Gateway
- 16 What happens when we introduce a cache?
- 17 Detecting CL.CL Request Smuggling
- 18 The Bug
- 19 Generate the First Error
- 20 Defences
- 21 References