Researcher Demonstrates 4 New Variants of HTTP Request Smuggling (aka HTTP Desyncing) Attack

Discussion in 'other security issues & news' started by mood, Aug 5, 2020.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    43,300
    Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
    August 5, 2020
    https://thehackernews.com/2020/08/http-request-smuggling.html
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    43,300
    AWS launches open source tool to protect against HTTP request smuggling attacks
    HTTP Desync Guardian released to help prevent user accounts from being hijacked
    August 18, 2020

    https://portswigger.net/daily-swig/...rotect-against-http-request-smuggling-attacks
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    43,300
    HTTP request smuggling: HTTP/2 opens a new attack tunnel
    Technique dubbed ‘h2c smuggling’ takes advantage of HTTP/1.1 upgrades to bypass proxy access controls
    September 9, 2020

    https://portswigger.net/daily-swig/http-request-smuggling-http-2-opens-a-new-attack-tunnel
    h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    43,300
    HTTP/2 Implementation Errors Exposing Websites to Serious Risks
    August 6, 2021
    https://www.darkreading.com/applica...ion-errors-exposing-websites-to-serious-risks
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    43,300
    HTTP Request Smuggling in Web Proxies
    Vulnerability Note VU#357312
    August 6, 2021 (Updated: August 9, 2021)

    https://kb.cert.org/vuls/id/357312
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    43,300
    New differential fuzzing tool reveals novel HTTP request smuggling techniques
    White paper systematically examines the attack while showcasing a ‘laundry list’ of new flaws
    November 25, 2021

     
    Last edited: Dec 6, 2021
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    43,300
    New HTTP Request Smuggling Attacks Target Web Browsers
    August 11, 2022
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.