Host of Troubles - Multiple Host Ambiguities in HTTP Implementations

Association for Computing Machinery (ACM) via YouTube

Overview

This course aims to explore the challenges posed by multiple host ambiguities in HTTP implementations. By the end of the course, learners will understand the intricacies of multiparty interactions in the current Internet, the critical role of the Host field in HTTP requests, and various techniques used to exploit host ambiguities. The course covers topics such as how different implementations handle requests with multiple Host headers, space-surrounded Host headers, and absolute-URIs. Learners will also gain insights into attacks exploiting host ambiguities, including cache poisoning and firewall bypass. The teaching method involves presenting previous works, discussing techniques, analyzing attacks, sharing measurement results, and proposing mitigations. This course is intended for individuals interested in computer and network security, particularly those with a background in web technologies and HTTP protocols.

Syllabus

Intro
Multiparty interactions in current Internet
Previous works about ambiguity
How HTTP requests are processed
Host - A critical HTTP field
Technique 1: Multiple Host headers
How do implementations handle requests with multiple Host headers?
How do implementations handle requests with a space-surrounded Host header?
Absolute-URI as request-target
How do different implementations handle absolute-URI?
Attacks exploiting host ambiguity
Cache poisoning: co-hosting website
Cache poisoning: co-CDN website
Cache poisoning: any HTTP website (CVE-2016-4553)
Firewall bypass
WAF bypass
How Prevalent are Upstream/Downstream vulnerabilities?
Outline
Measurement setup
Execution of test cases
Measurement results
Mitigation
A test in my phone's network
Discussion

Taught by

ACM CCS
