Practical HTTP Header Smuggling - Sneaking Past Reverse Proxies to Attack AWS and Beyond

Black Hat via YouTube

Overview

This Black Hat talk shows how inconsistencies between the way a reverse proxy and the back-end server behind it parse and modify HTTP headers can be exploited to smuggle headers past the proxy, and how that primitive escalates into request smuggling, authentication bypasses and cache poisoning. It covers identifying header smuggling, mutating header names so the front-end no longer recognises them while the back-end still does, generating a back-end error to use as a reference, comparing responses against a base request, bypassing rate limits, and detecting request smuggling. The material is presented as mutation examples, a methodology and its aims, and practical cases against AWS Cognito and API Gateway, and is aimed at security professionals, web developers, and anyone interested in web application security.

Syllabus

Intro
Outline
Web Application Architecture
What is Header Smuggling?
Mutation examples: Identity
Mutation examples: Space before colon
Mutation examples: Header name junk
Methodology Aims
Methodology Example
Generate a Back-End Error
Base Request Comparison: a valid value in the mutated header produces the same result
Error Comparison
Guess Headers
AWS Cognito Partial Rate Limit Bypass
Cache Poisoning With API Gateway
What happens when we introduce a cache?
Detecting CL.CL Request Smuggling
The Bug
Generate the First Error
Defences
References
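The syllabus lists the methodology as a sequence of steps (mutate a header name, generate a back-end error, compare against a base request, compare errors, then guess useful headers). The following is an added example, not code from the talk or from Class Central, that runs that sequence end to end against two constructed parsers standing in for the proxy and the back-end. Every behaviour of those parsers (which headers the front-end inspects, how lenient the back-end is about whitespace and junk in header names, the wording of the error pages, the client address 203.0.113.5, and the `BREW` method used to provoke a reference error) is an assumption of this model, not a description of any real product.

```python
"""
Offline model of the header-smuggling methodology listed in the syllabus.
Added example, not code from the talk: the two hops below are constructed so
that the technique can be run end to end without a network.  Every behaviour
they show (which headers the front-end inspects, how lenient the back-end
parser is, the wording of the error pages, the client address) is an
assumption of this model, not a description of any real proxy or product.
"""
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, str]   # (status code, body)
Header = Tuple[str, str]     # (name exactly as it will appear on the wire, value)

CLIENT_IP = "203.0.113.5"    # constructed: address the front-end sees the client at

# Header-name mutations.  Identity, space before colon and header-name junk are
# the ones named in the syllabus; the tab variant generalises the same idea.
MUTATIONS: Dict[str, Callable[[str], str]] = {
    "identity": lambda name: name,
    "space-before-colon": lambda name: name + " ",
    "tab-before-colon": lambda name: name + "\t",
    "junk-after-name": lambda name: name + " abcd",
}


def build_request(method: str, path: str, headers: List[Header]) -> str:
    """Serialise a request, writing each header name exactly as given."""
    lines = [f"{method} {path} HTTP/1.1", "Host: example.test"]
    lines += [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def split_headers(raw: str) -> Tuple[str, List[str]]:
    """Return the request line and the raw header lines of a serialised request."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    return request_line, header_lines


def front_end(raw: str) -> Response:
    """Strict hop (assumed behaviour): a header is recognised only when the text
    before the colon matches its name exactly.  Recognised headers are rewritten
    or validated; everything else is forwarded to the back-end untouched."""
    request_line, header_lines = split_headers(raw)
    forwarded = []
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.lower() == "x-forwarded-for":
            line = f"X-Forwarded-For: {CLIENT_IP}"      # client-supplied value overwritten
        elif name.lower() == "content-length" and not value.strip().isdigit():
            return 400, "front-end error: invalid Content-Length"
        forwarded.append(line)
    return back_end("\r\n".join([request_line, *forwarded]) + "\r\n\r\n")


def back_end(raw: str) -> Response:
    """Lenient hop (assumed behaviour): trims whitespace around the name and
    keeps only its first token, so 'Content-Length ' and 'Content-Length abcd'
    are both treated as Content-Length."""
    request_line, header_lines = split_headers(raw)
    method = request_line.split(" ")[0]
    if method not in ("GET", "POST"):
        return 405, f"back-end error: method {method} not allowed"
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        tokens = name.strip().split()
        if tokens:
            headers[tokens[0].lower()] = value.strip()
    length = headers.get("content-length")
    if length is not None and not length.isdigit():
        return 400, "back-end error: invalid Content-Length"
    return 200, f"client={headers.get('x-forwarded-for', 'direct')}"


def error_signature(resp: Response) -> str:
    """Fingerprint an error page by its prefix.  Against a real target you would
    compare status, response headers and body template; the idea is the same."""
    return resp[1].split(":", 1)[0]


def learn_back_end_error() -> Response:
    """Generate the First Error: a method the front-end forwards but the
    back-end rejects yields a reference copy of a back-end error page."""
    return front_end(build_request("BREW", "/", []))


def probe_mutation(mutation: str, header: str, valid: str, invalid: str) -> bool:
    """Three-request test: does `mutation` applied to `header` get past the
    front-end and still reach the back-end's parser?"""
    mutate = MUTATIONS[mutation]
    reference = learn_back_end_error()
    base = front_end(build_request("GET", "/", []))
    with_valid = front_end(build_request("GET", "/", [(mutate(header), valid)]))
    with_invalid = front_end(build_request("GET", "/", [(mutate(header), invalid)]))
    # Base request comparison: a valid value in the mutated header must be
    # indistinguishable from sending no header at all.
    if with_valid != base:
        return False
    # Error comparison: an invalid value must produce the back-end's error, not
    # the front-end's; a front-end error means the mutation was recognised.
    return with_invalid[0] >= 400 and error_signature(with_invalid) == error_signature(reference)


def guess_headers(mutation: str, candidates: List[Header]) -> Dict[str, str]:
    """Guess Headers: with a working mutation, send the headers that actually
    change behaviour and record what the back-end did with each."""
    mutate = MUTATIONS[mutation]
    return {name: front_end(build_request("GET", "/", [(mutate(name), value)]))[1]
            for name, value in candidates}


if __name__ == "__main__":
    for m in MUTATIONS:
        ok = probe_mutation(m, "Content-Length", "0", "z")
        seen = guess_headers(m, [("X-Forwarded-For", "10.0.0.1")])
        print(f"{m:20} reaches back-end: {ok!s:5}  {seen}")
```

In this model the identity mutation fails the error comparison because the front-end itself rejects the bad `Content-Length`, while the space, tab and junk mutations all pass both comparisons and then let a client-chosen `X-Forwarded-For` reach the back-end. Against a real target the same three-request loop applies, but the responses must be compared on status, headers and body template rather than a string prefix, and the probe header should be one whose invalid value the back-end is known to reject.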

Taught by

Black Hat
