Overview
Explore a groundbreaking exploit technique that unveils a new attack surface for bypassing SSRF (Server Side Request Forgery) protections in this 47-minute Black Hat conference talk. Delve into the speaker's general attack approach, combined with a custom fuzzing tool, which led to the discovery of multiple 0-day vulnerabilities in built-in libraries of widely-used programming languages such as Python, PHP, Perl, Ruby, Java, JavaScript, Wget, and cURL. Learn about protocol smuggling in SSRF, URL parsing issues, and abusing URL parsers through detailed case studies. Gain insights into the fuzzer architecture, URL components according to RFC 3986, and specific vulnerabilities like NodeJS Unicode failure and GLibc NSS features. Understand how the IDNA standard can be exploited and discover potential mitigations for these attacks. Conclude with a summary of findings and explore further avenues for research in this cutting-edge area of cybersecurity.
Syllabus
Intro
Agenda
What is SSRF?
Protocol Smuggling in SSRF
Quick Fun Example
Fuzzer Architecture
URL Parsing issues
URL Components(RFC 3986)
Big Picture
NodeJS Unicode Failure
GLibc NSS Features
Abusing IDNA Standard
Abusing URL Parsers - Case Study
Protocol Smuggling - Case Study
Mitigations
Summary
Further works
Taught by
Black Hat