Practical HTTP Header Smuggling - Sneaking Past Reverse Proxies to Attack AWS and Beyond


Black Hat via YouTube



YouTube videos curated by Class Central.

Classroom Contents


  1. Intro
  2. Outline
  3. Web Application Architecture
  4. What is Header Smuggling?
  5. Mutation examples: Identity
  6. Mutation examples: Space before colon
  7. Mutation examples: Header name junk
  8. Methodology Aims
  9. Methodology Example
  10. Generate a Back-End Error
  11. Base Request Comparison: A valid value in the mutated header produces the same result
  12. Error Comparison
  13. Guess Headers
  14. AWS Cognito Partial Rate Limit Bypass
  15. Cache Poisoning With API Gateway
  16. What happens when we introduce a cache?
  17. Detecting CL.CL Request Smuggling
  18. The Bug
  19. Generate the First Error
  20. Defences
  21. References
