Browser-Powered Desync Attacks: A New Frontier in HTTP Request | PT SWARM
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
by James Kettle
In this paper, the researcher shows how to turn a victim's web browser into a desync delivery platform, shifting the request smuggling frontier by exposing single-server websites and internal networks. The article describes how to combine cross-domain requests with server flaws to poison browser connection pools, install backdoors, and release desync worms. With these techniques, the author compromises targets including Apache, Akamai, Varnish, Amazon, and multiple web VPNs.
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...