Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Request Smuggling 101

NorthSec via YouTube

Overview

Explore the intricacies of HTTP Request Smuggling (HRS) in this comprehensive conference talk from NorthSec 2021. Delve into the latest research on this attack vector, which exploits inconsistencies in HTTP request parsing between proxy components and web backend systems. Learn how attackers can manipulate these differences to execute various malicious activities, including cache poisoning, credential hijacking, URL filtering bypass, open-redirect, and persistent XSS. Examine common risks associated with HRS and discover a range of payload variations through detailed explanations and a live attack demonstration. Gain insights into the crucial role of load balancers and proxies in website performance, and understand how their diverse HTTP protocol parsers can be vulnerable to exploitation. Acquire practical knowledge on detecting faulty configurations using automated tools, empowering developers and system administrators to effectively mitigate request smuggling vulnerabilities. By the end of this 34-minute presentation, security enthusiasts of all levels will have a solid foundation in combating this evolving threat that has significantly progressed over the past 15 years.

Syllabus

NSEC2021 - Philippe Arteau - Request Smuggling 101

Taught by

NorthSec

Reviews

Start your review of Request Smuggling 101

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.