Collaborate Disseminate
I’m trying to reproduce some of the Tomcat 9.x.x vulnerabilities from this list, in particular the HTTP smuggling vulnerabilities. However, so far I haven’t been able to reproduce any of them. Currently I’m running Tomcat 9.0.0.M1 behind a… Continue reading How to reproduce Tomcat 9.0.0.M1 HTTP smuggling vulnerabilities?
I recently finished setting up mitmproxy on a recently created DigitalOcean Ubuntu Droplet server. Almost immediately after opening the necessary ports in the server firewall and starting the proxy up, a bunch of requests started passing t… Continue reading Unsupervised proxy – what could go wrong?
Suppose a packet is encrypted and sent via an insecure channel so that it is intercepted by a malicious third party as well as the intended recipient. As long as a suitable encryption scheme is used, the message should be (practically) unc… Continue reading Can message length be useful information?