Explore groundbreaking web cache exploitation techniques in this 44-minute conference talk from DEF CON 32. Dive deep into two powerful new methods that leverage RFC ambiguities to circumvent traditional web cache deception and poisoning attack limitations. Learn about Static Path Deception through a detailed case study demonstrating how to compromise application confidentiality in Nginx-Cloudflare environments. Master Cache Key Confusion and its application in exploiting URL parsing inconsistencies across major platforms like Microsoft Azure Cloud, enabling arbitrary cache poisoning and denial of service attacks. Watch a live demonstration combining Cache Key Confusion with an open redirect vulnerability to achieve complete site takeover through arbitrary JavaScript code execution. Walk away with innovative exploitation techniques and a comprehensive methodology for identifying and exploiting URL and HTTP parsing discrepancies.