Overview
Explore the hidden attack surface of modern websites in this 44-minute Black Hat conference talk. Delve into the often-overlooked vulnerabilities within transparent systems designed to enhance performance, extract analytics, and provide additional services. Learn about exploiting collaboration features, chaining proxy servers, and leveraging off-the-shelf exploits. Discover techniques for targeting internal networks, extracting profile headers, and utilizing Referer headers. Gain insights into reverse proxy fetching, collaboration vulnerabilities, and replication methods. Understand prevention strategies and walk away with a comprehensive summary of this critical aspect of web security.
Syllabus
Introduction
Trace Routes
Outline
Collab Everywhere
Who Did I Target
Exploits
Impact
Chaining Proxy Servers
New Relic Internal Network
GlobalEEKS
Exploiting Helpers
Extract Profile Header
Referer Header
Off-the-shelf exploits
What else can you do
Hack Ability
Final Exploit
Reverse Proxy Fetch
Collaborate
Facebook
Collaboration Everywhere
Replication
Prevention
Summary
Taught by
Black Hat