recentpopularlog in

Copy this bookmark:





to read

bookmark detail

HTTP Desync Attacks: Request Smuggling Reborn | Blog - PortSwigger
HTTP requests are traditionally viewed as isolated, standalone entities. In this paper, I'll explore forgotten techniques for remote, unauthenticated attackers to smash through this isolation and splice their requests into others, through which I was able to play puppeteer with the web infrastructure of numerous commercial and military systems, rain exploits on their visitors, and harvest over $70k in bug bounties.
webapp  pentest  security  http  requestsmuggling 
august 2019 by whip_lash
view in context