Down the Rabbit Hole - A Journey Towards a Weakness in Chrome and a New Hacking Technique

Embark on a captivating 36-minute conference talk from Hack in Paris that unveils a groundbreaking journey into web security vulnerabilities. Follow Gil Cohen, an experienced application security expert, as he delves into how a simple CRLF injection vulnerability led to the discovery of a new weakness in Chrome and other browsers, as well as a novel XSS-like hacking technique. Explore the concept of Frontend server hijacking, or "Frontjacking," which combines CRLF injection, poorly configured servers, and shared hosting to bypass existing security defenses such as CSP, HttpOnly cookie attributes, WAFs, CORS, and HTTPS. Gain insights into this innovative attack method that allows execution of reflected XSS and phishing-related payloads, potentially revolutionizing the field of web application security.