Trying to get an absolute in depth understanding of each major vulnerability type, this has helped with my smuggling step
Exactly what I need. Impressive stuff!
mind blown! felt sorry for sysadmins for the consequences of his very last attack in this presentation. highly impactful attack indeed.
Wem
@chasejensen88 one year later )
01:10 interest: low stack system/integration/protocol bugs
01:27 agenda
02:04 quick introduction, CL.TE / TE.CL; "HTTP Desync Attacks: Smashing into the Cell Next Door", James Kettle, ua-cam.com/video/w-eJM2Pc0KI/v-deo.html; Watchfire paper, 2005: shorturl.at/cfstN
======================================
CL.TE Desync Attack
======================================
03:21 CL.TE, i.e. front-end.back-end
03:35 the front-end will interpret a web request using its content-type header and the back-end will interpret the same request using the transfer-encoded header
03:51 here we have an attacker, POST request, T.E header is malformed
04:18 back-end ignores the content-length
=============================
TE.CL Desync Attack
=============================
05:58 [...]
08:14 testing for request smuggling
08:37 github.com/defparam/smuggler
09:58 impact radius of request smuggling
10:14 Open Desync, the most dangerous of the three
10:28 IP Desync
10:51 Self Desync, VPN, VPS
=============================
Practical Attack
=============================
11:20 recon stories
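The CL.TE / TE.CL notes above describe the root cause: two servers in the same chain framing one request by different headers. From the defender's side, the check a front-end or WAF can apply is to refuse any request whose framing is ambiguous before it is ever forwarded. The following is an added example written for this page (not code from the video, the commenter, or the smuggler tool); the function names `parse_head` and `framing_verdict` and the sample requests are constructed for illustration.

```python
"""Reject HTTP/1.x requests whose body framing is ambiguous (CL.TE / TE.CL risk).

RFC 7230 section 3.3.3: a message with both Transfer-Encoding and Content-Length is
a smuggling hazard and a proxy MAY reject it; "chunked" must be the final coding;
header names are tokens with no whitespace before the colon.
"""
import re
from typing import List, Optional, Tuple

# RFC 7230 "token" characters. A header field-name must match this exactly.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, Optional[str]]], bytes]:
    """Split a raw request into (request line, header pairs, body).

    Header names are returned un-normalised so the caller can see obfuscation
    such as a space before the colon. A line with no colon gets value None.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers: List[Tuple[str, Optional[str]]] = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            headers.append((name.decode("latin-1"), None))
            continue
        headers.append((name.decode("latin-1"), value.decode("latin-1").strip()))
    return request_line, headers, body


def framing_verdict(raw: bytes) -> str:
    """Return 'ok', or a 'reject: ...' reason describing why framing is unsafe."""
    _, headers, _ = parse_head(raw)

    if any(v is None for _, v in headers):
        return "reject: header line without colon"

    # Names like "Transfer-Encoding " (trailing space) are a classic way to make
    # one parser see the header and the other ignore it.
    bad_names = [n for n, _ in headers if not _TOKEN_RE.match(n)]
    if bad_names:
        return f"reject: malformed header name {bad_names[0]!r}"

    cl = [v for n, v in headers if n.lower() == "content-length"]
    te = [v for n, v in headers if n.lower() == "transfer-encoding"]

    if cl and te:
        # The CL.TE / TE.CL case itself: two framing mechanisms, two possible bodies.
        return "reject: both Content-Length and Transfer-Encoding present"
    if te:
        codings = [c.strip().lower() for c in ",".join(te).split(",")]
        if not all(_TOKEN_RE.match(c) for c in codings) or codings[-1] != "chunked":
            # e.g. "xchunked", or "chunked, gzip": back-ends disagree on whether
            # the body is chunked at all.
            return f"reject: unusable Transfer-Encoding {te!r}"
    if cl and (len(set(cl)) > 1 or not cl[0].isdigit()):
        return f"reject: duplicate or non-numeric Content-Length {cl!r}"
    return "ok"


# Constructed sample requests (not captured traffic).
OK_CL = b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nx=1"
CL_TE = (b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n"
         b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
TE_OBF = b"POST / HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: xchunked\r\n\r\n0\r\n\r\n"
TE_SPACE = b"POST / HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding : chunked\r\n\r\n0\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("plain CL", OK_CL), ("CL+TE", CL_TE),
                       ("obfuscated TE", TE_OBF), ("space before colon", TE_SPACE)]:
        print(f"{label:20} -> {framing_verdict(req)}")
```

The point of rejecting rather than "fixing" the request is that the front-end cannot know which interpretation the back-end will pick; dropping the ambiguous message is the only choice that keeps both parsers in the same place in the byte stream.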
The stuff is really great. Thanks a lot!!
Is there a GitHub page for the test server? I wanna test myself.
Thank you for sharing. One of the greatest teaching classes I ever had.
Hi Nahamsec,
Can you share the lab so I can practice?
14:40 the takeaway, I love it. I was in talks with a pretty big sec tech company. One of their guys tried to act like a wise guy: there is no risk with a robots.txt. OK sure, kiddo.
Cool PoC, great session on HTTP smuggling attacks.
18:48 recon story #2 is about api.zomato.com 🕵️ got a bounty of 15k USD
The last one was mind blowing
Does HTTP request smuggling just work on the POST method, or also on GET? I have heard it just works on the POST method..
Hello sir. I have a question; I couldn't find how to do that. There are 15 numbers from 1-15. It can generate any number randomly. How can we identify which number is being generated?
Seeing the view count gives me the warm n fuzzies cus I know I'm super early to the party.
You ladies and gents are super rad and I couldn't be more excited to start hunting.
Why don't you ppl invite IppSec?
Thanks
This was trooly amayzing
Amazing stuff! Thanks a lot
How does the attacker poison HTTP when the victim accesses HTTPS?
Can it still work or not? If it works, how?
In this vulnerability there is no key difference between HTTP and HTTPS, but the thing you must look for is the HTTP version; if it's HTTP/2.0 then you have to try other ways to exploit it, by downgrading the HTTP version to 1.
@omarataallah9451 Oh, that's about the HTTP version, not HTTP / HTTPS? Am I right?
@hidayatbachtar true
Thank you
This was fascinating!
Amazing stuff
Thank you!
I needed this.
This is GOLD!
wow amazing
Tcm hair 😂