Collaborate Disseminate
I might have found a way to highjack an Oauth Flow, but the source server is responding with 403 errors when the Oauth request is sent with a Sec-Fetch-Dest HTTP header.
Is there a way to alter or disable such headers like the referer poli… Continue reading Is it possible to disable or change sec-fetch-* HTTP headers?
I am attempting to inject a carriage-return + newline in a HTTP request header value. My understanding is that this is possible with HTTP/2 and HTTP/3. However, when I send a request with Burp I get this error:
RST_STREAM received with er… Continue reading CRLF in HTTP/2 header value
This question is out of pure curiosity. I know I can send multipart formposts using curl’s –form/-F option. However, I was curious to see if the same can be done with the –data-binary option? For example, if I run the following script to… Continue reading How to properly use cURL –data-binary to send a request payload
Is there code/library to detect this vulnerability? I have been searching online and do not find any
We are using Cloudflare which has fixed the issue but government says "we may" have the vulnerability as they have detected that… Continue reading Code to detect HTTP/2 Rapid Reset Attack vulnerability
The video from Okta says that it’s possible to hijack the access token when on public wifi. But if HTTPS is used, the headers are encrypted. And therefore the Location returned by the Auth Server won’t be visible to the attacker.
Replay at… Continue reading OAuth2 implicit flow – is it still possible to hijack the token with HTTPS?
I’ve been reading about HTTP Request Smuggling attacks and I’ve come across a situation that I don’t fully understand. I’ve been studying the report by James Kettle where he describes an attack against Netflix’s servers (https://portswigge… Continue reading HTTP Request Smuggling Exploit – Need Clarification on Behavior of the ‘Host’ Header
A recent Nginx release allows me to set listen 443 quic; to enable HTTP/3. Neat. I had been using HTTP/2 with TLS1.3 before, so I did not expect that change much, just optimize round trips with otherwise matching security properties.
One m… Continue reading Does HTTP/3 necessitate additional – beyond HTTP/2 via TLS1.3 – restrictions on client authentication (mTLS)?
I have been reading on CRIME and BREACH attacks and I want to learn better how to protect against them.
From what I understood, those attacks require TLS encryption over HTTP compression and HTTP content reflecting an user input.
HTTP/2 us… Continue reading CRIME and BREACH attacks, HTTP/2 and HTTP/3
I was reading some stuff about HTTP2/HTTP3 and I was trying to understand, where can i see these two types of HTTP in action?
For example, will HTTP2 be more common to see on a simple website like a blog or webpage and HTTP3 will be more c… Continue reading Where can I see HTTP/2 and HTTP/3 in action? [closed]
I’m researching information about HTTP/2 from a cybersecurity point of view for an article, and i wanted to include a section about attacks exclusive to HTTP/2 or were this protocol have a key role.
I already got information about request … Continue reading Are there HTTP/2 specific attacks different from request smuggling?