Passive Fingerprinting of HTTP/2 Clients

OWASP Foundation via YouTube

Overview

Explore the intricacies of passively fingerprinting HTTP/2 clients in this 44-minute conference talk from OWASP AppSec EU 2018. Dive into the fundamental changes from HTTP/1.x to HTTP/2, including the shift to a full binary protocol using TCP connections, streams, and frames. Discover how these changes introduce nuances in protocol implementations that can be leveraged for passive fingerprinting of web clients. Learn about the research based on over 10 million HTTP/2 connections, resulting in fingerprints for more than 40,000 unique user agents across hundreds of implementations. Gain insights into HTTP/2 basics, fingerprint format components, potential use cases, and usage statistics on Akamai's platform. Examine common HTTP/2 implementations, client fingerprints, and the state of HTTP/2 support among popular web security tools. Conclude with a review of real-world HTTP/2 attacks observed on Akamai's platform, providing a comprehensive understanding of this evolving protocol and its security implications.

Syllabus

Passive Fingerprinting of HTTP/2 Clients - Elad Shuster

Taught by

OWASP Foundation
