Collaborate Disseminate
Unlike a NAT gateway, a HTTP proxy have a fixed ingress port, that is, all HTTP clients will connect to a HTTP proxy via the same port. In this case, if there are two clients both requested the same domain through the same proxy, how would… Continue reading Does a HTTP proxy assign a fixed egress port to a client, and if so, for how long?
I have a niche website programmed by a volunteer. Like pretty much every website it’s secured via TLS, and the main page doesn’t let you do much except login via username & password or request an account. Some users recently requested … Continue reading How to allow a user to login via client X.509 certificate or username/password?
How to reset only TCP connections to my web server which are just TCP packets, but no further HTTP packets.
Let’s say I have a web server and users connect via browser (so, flow would be TCP handshake followed by SSL handshake and HTTP co… Continue reading how to reset only TCP connections to my web server which are just TCP packets, but no further HTTP packets
As per the NVD description and the httpd official website, the vulnerability states:
"Serving WebSocket protocol upgrades over a HTTP/2 connection could
result in a Null Pointer dereference, leading to a crash of the server
process, … Continue reading how to exploit CVE-2024-36387 in httpd [closed]
It is recommended to do this often in web apps:
import { NextResponse } from ‘next/server’
import type { NextRequest } from ‘next/server’
// Define allowed origins
const allowedOrigins = [
‘http://localhost:3000’,
‘http://localhost:30… Continue reading How to securely allow localhost to access through CORS, without exposing it to anyone’s localhost?
I’m a security-conscious developer looking to improve the security of my web application. I’ve been researching Broken Object Level Authorization (BOLA) vulnerabilities and want to ensure that my application is not vulnerable to this type … Continue reading Testing for Broken Object Level Authorization (BOLA) vulnerabilities
I am attempting to perform basic pen testing, I successfully used hydra however I am having some issues with medusa… I keep getting a Segmentation fault after running the command, can anyone help fix the syntax, or explain what is wrong … Continue reading medusa error when running
I have difficulties understanding socks5 proxies.
I would like to know if I can avoid socks5 proxies seeing the traffic between the client and destination. I would like to achieve something similar to http CONNECT where the client and the … Continue reading Can socks5 proxies work similiar to http connect?
I’ve heard numerous times that Few CAs offer IP-based SSL/TLS certificates.
This question seems extremely similar, but what the accepted answer says is:
Usual commercial CA won’t accept to encode IP addresses in certificates, in particula… Continue reading Is there a security reason why few CAs offer IP-based SSL/TLS certificates?
In the early 1990s I was privileged enough to be immersed in the world of technology during the exciting period that gave birth to the World Wide Web, and I …read more Continue reading A Look At The Small Web, Part 1