HTTP Request Smuggling via higher HTTP versions by @emil_lerner as presented at PHDays 2021. HTTP request smuggling reinvented with multiple novel approaches implemented in a new tool http2smugl. Contents: • HTTP Request Smuggling basic concepts • HTTP Request Smuggling exploitation scenarios • HTTP/2 body transfer • content-length conflicts actual length • no content-length forwarding • content-length conflicting transfer-encoding • HTTP/2 header validation • new lines in headers • less strict validation • Detection ideas • False positive • Varnish • RFC 8441 • Haproxy & nghttp2 • Open problem • H2O http3 (QUIC) • Automation • Further research Slideshow: https://www.slideshare.net/neexemil/http-request-smuggling-via-higher-http-versions Video Presentation: https://standoff365.com/phdays10/schedule/tech/http-request-smuggling-via-higher-http-versions/ 468 views08:50
