Collaborate Disseminate
It appears that HTTP/2 requires TLS. Which is fine, but why are certificates mandatory?
From what I know you can have TLS without certificates. Certificates just add an extra layer of security. How can we test HTTP 2 on localhost if certif… Continue reading HTTP 2 not possible without certificate? [closed]
I’m looking for a solution to mitigate DoS attacks, specifically the slow rate DoS attack variant known as Slowloris, adapted for HTTP/2:
In this attack, after establishing the connection, the client sends the Connection Preface (which ini… Continue reading Help to Mitigate Slow Rate (Slowloris) DoS Attack in HTTP/2
I’m looking for a solution to mitigate DoS attacks, specifically the slow rate DoS attack variant known as Slowloris, adapted for HTTP/2:
In this attack, after establishing the connection, the client sends the Connection Preface (which ini… Continue reading Help to Mitigate Slow Rate (Slowloris) DoS Attack in HTTP/2
I might have found a way to highjack an Oauth Flow, but the source server is responding with 403 errors when the Oauth request is sent with a Sec-Fetch-Dest HTTP header.
Is there a way to alter or disable such headers like the referer poli… Continue reading Is it possible to disable or change sec-fetch-* HTTP headers?
I am attempting to inject a carriage-return + newline in a HTTP request header value. My understanding is that this is possible with HTTP/2 and HTTP/3. However, when I send a request with Burp I get this error:
RST_STREAM received with er… Continue reading CRLF in HTTP/2 header value
This question is out of pure curiosity. I know I can send multipart formposts using curl’s –form/-F option. However, I was curious to see if the same can be done with the –data-binary option? For example, if I run the following script to… Continue reading How to properly use cURL –data-binary to send a request payload
Is there code/library to detect this vulnerability? I have been searching online and do not find any
We are using Cloudflare which has fixed the issue but government says "we may" have the vulnerability as they have detected that… Continue reading Code to detect HTTP/2 Rapid Reset Attack vulnerability
The video from Okta says that it’s possible to hijack the access token when on public wifi. But if HTTPS is used, the headers are encrypted. And therefore the Location returned by the Auth Server won’t be visible to the attacker.
Replay at… Continue reading OAuth2 implicit flow – is it still possible to hijack the token with HTTPS?
I’ve been reading about HTTP Request Smuggling attacks and I’ve come across a situation that I don’t fully understand. I’ve been studying the report by James Kettle where he describes an attack against Netflix’s servers (https://portswigge… Continue reading HTTP Request Smuggling Exploit – Need Clarification on Behavior of the ‘Host’ Header
A recent Nginx release allows me to set listen 443 quic; to enable HTTP/3. Neat. I had been using HTTP/2 with TLS1.3 before, so I did not expect that change much, just optimize round trips with otherwise matching security properties.
One m… Continue reading Does HTTP/3 necessitate additional – beyond HTTP/2 via TLS1.3 – restrictions on client authentication (mTLS)?