HTTP Desync Attacks: Request Smuggling Reborn

Автор: Black Hat

Загружено: 2020-03-17

Просмотров: 31442

Описание: HTTP requests are traditionally viewed as isolated, standalone entities. In this session, I'll introduce techniques for remote, unauthenticated attackers to smash through this isolation and splice their requests into others, through which I was able to play puppeteer with the web infrastructure of numerous commercial and military systems, rain exploits on their visitors, and harvest over $70k in bug bounties.

By James Kettle

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...

Не удается загрузить Youtube-плеер. Проверьте блокировку Youtube в вашей сети.
Повторяем попытку...

HTTP Desync Attacks: Request Smuggling Reborn

Доступные форматы для скачивания:

Скачать видео

Информация по загрузке:

Скачать аудио

Похожие видео

HTTP Request Smuggling - False Positives

HTTP Request Smuggling - False Positives

albinowax - HTTP Desync Attacks: Smashing into the Cell Next Door - DEF CON 27 Conference

albinowax - HTTP Desync Attacks: Smashing into the Cell Next Door - DEF CON 27 Conference

HTTP Request Smuggling Attack Explained // Untangling the HTTP Desync Attack

HTTP Request Smuggling Attack Explained // Untangling the HTTP Desync Attack

HTTP Desync Attacks: Smashing into the Cell Next Door

HTTP Desync Attacks: Smashing into the Cell Next Door

HTTP Desync Attack Explained With Paper

HTTP Desync Attack Explained With Paper

Every Level Of Hacking Explained in 8 Minutes

Every Level Of Hacking Explained in 8 Minutes

Что такое Rest API (

Что такое Rest API (

Request smuggling - do more than running tools! HTTP Request smuggling bug bounty case study

Request smuggling - do more than running tools! HTTP Request smuggling bug bounty case study

Lab: Client-Side Desync

Lab: Client-Side Desync

HTTP Parameter Pollution Explained

HTTP Parameter Pollution Explained