Researcher Demonstrates 4 New Variants of HTTP Request Smuggling (aka HTTP Desyncing) Attack

Discussion in 'other security issues & news' started by mood, Aug 5, 2020.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,391
    Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
    August 5, 2020
    https://thehackernews.com/2020/08/http-request-smuggling.html
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,391
    AWS launches open source tool to protect against HTTP request smuggling attacks
    HTTP Desync Guardian released to help prevent user accounts from being hijacked
    August 18, 2020

    https://portswigger.net/daily-swig/...rotect-against-http-request-smuggling-attacks
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,391
    HTTP request smuggling: HTTP/2 opens a new attack tunnel
    Technique dubbed ‘h2c smuggling’ takes advantage of HTTP/1.1 upgrades to bypass proxy access controls
    September 9, 2020

    https://portswigger.net/daily-swig/http-request-smuggling-http-2-opens-a-new-attack-tunnel
    h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.