In this section, we’ll build on the concepts you’ve learned so far and teach you some more advanced HTTP request smuggling techniques. We’ll also cover a variety of HTTP/2-based attacks that are made possible thanks to Burp’s unique HTTP/2-testing capabilities. Don’t worry if you’re new to HTTP/2 – we’ll cover all the essentials as we go.
In particular, we’ll look at:
How common HTTP/2 implementations enable a range of powerful new vectors for request smuggling, making a number of previously secure sites vulnerable to these kinds of attacks.
How you can use request smuggling to persistently poison the response queue, effectively enabling full-site takeover.
How you can use HTTP/2-exclusive inputs to construct high-severity exploits even when the target doesn’t reuse the connection between the front-end and back-end servers at all.
This post was created with our nice and easy submission form. Create your post!