Researcher Demonstrates 4 New Variants of HTTP Request Smuggling (aka HTTP Desyncing) Attack

Discussion in 'other security issues & news' started by guest, Aug 5, 2020.

  1. guest

    guest Guest

    Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
    August 5, 2020
    https://thehackernews.com/2020/08/http-request-smuggling.html
     
  2. guest

    guest Guest

    AWS launches open source tool to protect against HTTP request smuggling attacks
    HTTP Desync Guardian released to help prevent user accounts from being hijacked
    August 18, 2020

    https://portswigger.net/daily-swig/...rotect-against-http-request-smuggling-attacks
     
  3. guest

    guest Guest

    HTTP request smuggling: HTTP/2 opens a new attack tunnel
    Technique dubbed ‘h2c smuggling’ takes advantage of HTTP/1.1 upgrades to bypass proxy access controls
    September 9, 2020

    https://portswigger.net/daily-swig/http-request-smuggling-http-2-opens-a-new-attack-tunnel
    h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
     
  4. guest

    guest Guest

    HTTP/2 Implementation Errors Exposing Websites to Serious Risks
    August 6, 2021
    https://www.darkreading.com/applica...ion-errors-exposing-websites-to-serious-risks
     
  5. guest

    guest Guest

    HTTP Request Smuggling in Web Proxies
    Vulnerability Note VU#357312
    August 6, 2021 (Updated: August 9, 2021)

    https://kb.cert.org/vuls/id/357312
     
  6. guest

    guest Guest

    New differential fuzzing tool reveals novel HTTP request smuggling techniques
    White paper systematically examines the attack while showcasing a ‘laundry list’ of new flaws
    November 25, 2021

     
    Last edited by a moderator: Dec 6, 2021
  7. guest

    guest Guest

    New HTTP Request Smuggling Attacks Target Web Browsers
    August 11, 2022
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.