HTTP Request Smuggling in 2020 - New Variants, New Defenses and New Challenges

Black Hat via YouTube

Overview

This course covers HTTP Request Smuggling, an attack technique that exploits different interpretations of non-standard HTTP requests. The learning outcomes include understanding the technique, its history, and new variants. Students will learn about bypassing security solutions, injecting responses, and hijacking user requests. The course teaches skills such as manipulating headers, overriding cache items, and implementing robust solutions. The teaching method includes lectures on concepts, challenges, and lessons learned. The intended audience is cybersecurity professionals interested in web security and defense mechanisms.

Syllabus

Intro
What is HTTP Request Smuggling?
Different interpretations of the TCP stream
A Short History
Is HTTP request Smuggling Still a Thing?
"Header SP/CR junk"
"Wait for it"
HTTP/1.2 to bypass CRS
Variant 3 (contd.)
A Plain Solution
CR Header
Overriding existing cache items
Flawed Approach #1
mod_security + CRS?
A different concept
A More Robust Approach
Design goals
Function Hooking
Socket Abstraction Layer (SAL)
SAL - What to Hook? (Windows)
SAL - What to Hook (Linux 64bit)
Challenges and Lessons Learned
Request Smuggling Firewall (RSFW)
New Research Challenges
CR in a header name is a hyphen
"Signed" Content-Length
Content-Length value with SP
Chunky Monkey Business

Taught by

Black Hat
