Loading video...

Video Failed to Load

There was a problem loading this video. This could be due to a temporary network issue or the video might be unavailable.

How to manually check for CL.TE Request Smuggling Vulnerabilities: 1️⃣ See if a GET request accepts POST 2️⃣ See if it accepts HTTP/1 3️⃣ Disable "Update Content-Length" 4️⃣ Send with CL & TE headers: POST / HTTP/1.1 Host: Content-Length: 6 Transfer-Encoding: chunked 0 G 5️⃣ Send request twice. If... show more

Web Security Academy

140,553 subscribers

27,902 views • 10 months ago •via X (Twitter)

Health & Wellness Science & Technology Education

Anya Rossi• Live Now

Private livecam show

0 Comments

No comments available

Comments from the original post will appear here

Related Videos

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurity

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurity

Web Security Academy

26,242 views • 1 year ago

What is HTTP Downgrading, why use it, and how does it work? HTTP/2 is default for most web apps these days, however, it's not uncommon for backend servers to still use HTTP/1.1 causing parsing mismatches between frontend and backend. And that's where HTTP downgrading comes in! But what is it? HTTP downgrading is the process of forcing a request to be processed under HTTP/1.1 instead of HTTP/2. This allows you to manipulate how the frontend and backend servers interpret requests and exploit vulnerabilities unique to HTTP/1.1 parsing such as Content-Length Transfer-Encoding (CL.TE) attacks. How to downgrade HTTP/2 to HTTP/1.1 using Burp Suite 1️⃣ Open Burp Suite and Navigate to Proxy → HTTP History 2️⃣ Locate the request that is currently using HTTP/2. 3️⃣ Send the Request to Repeater 4️⃣ In the Repeater tab, open the "Inspector" panel → Request Attributes → Protocol 5️⃣ Change HTTP Version to HTTP/1.1 6️⃣ Click "Send" in Repeater. If successful, you should receive a valid response, confirming the server accepts HTTP/1.1. And that's it! You've just downgraded the HTTP protocol and confirmed that the frontend server accepts HTTP/1.1! 🥳 You are now ready to smuggle requests! If you want to learn how to exploit this, we've got a Web Academy Lab you need to check out: Thanks for reading! #requestsmuggling #cybersecurity #BurpSuite #hacking #infosec

What is HTTP Downgrading, why use it, and how does it work? HTTP/2 is default for most web apps these days, however, it's not uncommon for backend servers to still use HTTP/1.1 causing parsing mismatches between frontend and backend. And that's where HTTP downgrading comes in! But what is it? HTTP downgrading is the process of forcing a request to be processed under HTTP/1.1 instead of HTTP/2. This allows you to manipulate how the frontend and backend servers interpret requests and exploit vulnerabilities unique to HTTP/1.1 parsing such as Content-Length Transfer-Encoding (CL.TE) attacks. How to downgrade HTTP/2 to HTTP/1.1 using Burp Suite 1️⃣ Open Burp Suite and Navigate to Proxy → HTTP History 2️⃣ Locate the request that is currently using HTTP/2. 3️⃣ Send the Request to Repeater 4️⃣ In the Repeater tab, open the "Inspector" panel → Request Attributes → Protocol 5️⃣ Change HTTP Version to HTTP/1.1 6️⃣ Click "Send" in Repeater. If successful, you should receive a valid response, confirming the server accepts HTTP/1.1. And that's it! You've just downgraded the HTTP protocol and confirmed that the frontend server accepts HTTP/1.1! 🥳 You are now ready to smuggle requests! If you want to learn how to exploit this, we've got a Web Academy Lab you need to check out: Thanks for reading! #requestsmuggling #cybersecurity #BurpSuite #hacking #infosec

Web Security Academy

62,622 views • 1 year ago

Want to find HTTP Request Smuggling vulns without manually crafting weird requests? Check out HTTP Request Smuggler, a Burp Suite extension that automates it for you! Learn more:

Want to find HTTP Request Smuggling vulns without manually crafting weird requests? Check out HTTP Request Smuggler, a Burp Suite extension that automates it for you! Learn more:

Web Security Academy

11,696 views • 1 year ago

Here's how to deliver reflected XSS through a HTTP request smuggling vulnerability! 👇 Try this Practitioner lab now:

Here's how to deliver reflected XSS through a HTTP request smuggling vulnerability! 👇 Try this Practitioner lab now:

Web Security Academy

45,999 views • 2 months ago

How did I test the IDOR vulnerability that leads to all user Data leakage? 1:Change the /me endpoint to /users. 2.Change the GET method to the POST method. 3.Add the Content-Type: application/json header. 4.Add this payload to the HTTP request body. {"ids":["1"]} #bugbountytips

How did I test the IDOR vulnerability that leads to all user Data leakage? 1:Change the /me endpoint to /users. 2.Change the GET method to the POST method. 3.Add the Content-Type: application/json header. 4.Add this payload to the HTTP request body. {"ids":["1"]} #bugbountytips

Aydin Naserifard

41,410 views • 3 years ago

$How to Find Path Delimiter Issues with Burp Suite Intruder Sometimes web servers treat special characters (like ; or ?) differently in URLs. This can lead to security issues like web cache deception or access control problems. Here's how you can test for path delimiter discrepancies: 1️⃣ Capture the Request Find a request you want to test GET /my-account HTTP/2 2️⃣ Right click the request and "Send to Intruder". In Intruder, highlight add a new position after /my-account followed by abc. It should look like this: GET /my-account§§abc HTTP/2 Attack Type = Sniper (only changing one spot). Payload: Paste a list of special characters, like this: ! # $ % & ' ( ) * + , - . / : ; = ? @ [ \ ] _ ~ ... A full list of delimiters can be found here: 3️⃣ Start the Attack Press Start Attack. Look at the Status, Length, and Response columns. Watch for differences (like bigger/smaller pages, changes to status code or different behavior) and if you notice something different then you've likely found a delimiter discrepancy! 🎉 Why is this important? When special characters confuse the server or cache, you might find: 🔸 Web cache deception: Caching personal pages by accident 🔸 Access bypass: Skipping security checks 🔸 Leaked info: Seeing data you shouldn't Try this lab for yourself and dive even deeper into how to exploit this when you find it: #BugBounty #WebSecurity #BurpSuite #EthicalHacking #Cybersecurity$

How to Find Path Delimiter Issues with Burp Suite Intruder Sometimes web servers treat special characters (like ; or ?) differently in URLs. This can lead to security issues like web cache deception or access control problems. Here's how you can test for path delimiter discrepancies: 1️⃣ Capture the Request Find a request you want to test GET /my-account HTTP/2 2️⃣ Right click the request and "Send to Intruder". In Intruder, highlight add a new position after /my-account followed by abc. It should look like this: GET /my-account§§abc HTTP/2 Attack Type = Sniper (only changing one spot). Payload: Paste a list of special characters, like this: ! # $ % & ' ( ) * + , - . / : ; = ? @ [ \ ] _ ~ ... A full list of delimiters can be found here: 3️⃣ Start the Attack Press Start Attack. Look at the Status, Length, and Response columns. Watch for differences (like bigger/smaller pages, changes to status code or different behavior) and if you notice something different then you've likely found a delimiter discrepancy! 🎉 Why is this important? When special characters confuse the server or cache, you might find: 🔸 Web cache deception: Caching personal pages by accident 🔸 Access bypass: Skipping security checks 🔸 Leaked info: Seeing data you shouldn't Try this lab for yourself and dive even deeper into how to exploit this when you find it: #BugBounty #WebSecurity #BurpSuite #EthicalHacking #Cybersecurity

Web Security Academy

18,124 views • 1 year ago

Building on Solana should be simple. We just updated our docs to get you from zero to shipped way faster: 1️⃣ Connect to Alchemy 2️⃣ Set up wallet or fetch account info 3️⃣ Send your first request Check it out 👉

Building on Solana should be simple. We just updated our docs to get you from zero to shipped way faster: 1️⃣ Connect to Alchemy 2️⃣ Set up wallet or fetch account info 3️⃣ Send your first request Check it out 👉

Alchemy

28,162 views • 6 months ago

If you receive a friend request on base book firm me, it is not me If you receive a friend request on base book firm me, it is not me.

If you receive a friend request on base book firm me, it is not me If you receive a friend request on base book firm me, it is not me.

Sherry

25,551 views • 9 months ago

You should not receive a mail-in ballot if you did not request one.

You should not receive a mail-in ballot if you did not request one.

Bryan Steil

26,369 views • 4 months ago

keeho sings a lot on roblox and accepts friend request if he likes their singing 😭🤣 #P1Harmony #피원하모니 #기호

keeho sings a lot on roblox and accepts friend request if he likes their singing 😭🤣 #P1Harmony #피원하모니 #기호

angela

460,755 views • 1 year ago

spamtenna brainrot zone to rt, post, and ramble DNFI you're a minor or don't have an age somewhere i can see, i'll kick you out send an ask or request, whee

spamtenna brainrot zone to rt, post, and ramble DNFI you're a minor or don't have an age somewhere i can see, i'll kick you out send an ask or request, whee

Too much watching TV...

18,761 views • 10 months ago

Latest Template — ProLab Free for 24 Hours Only How to join: 1️⃣ Like this post 2️⃣ Comment “ProLab” 3️⃣ Follow me I’ll send you the link directly.

Latest Template — ProLab Free for 24 Hours Only How to join: 1️⃣ Like this post 2️⃣ Comment “ProLab” 3️⃣ Follow me I’ll send you the link directly.

Green Yang

29,295 views • 8 months ago

HTTP is supposed to be stateless, but sometimes... it isn't! Some servers create invisible vulnerabilities by only validating the first request on each TCP/TLS connection. I've just published a Custom Action to help you detect & exploit this - here's a narrated demo:

HTTP is supposed to be stateless, but sometimes... it isn't! Some servers create invisible vulnerabilities by only validating the first request on each TCP/TLS connection. I've just published a Custom Action to help you detect & exploit this - here's a narrated demo:

James Kettle

139,732 views • 8 months ago

🚨CVE-2024-40725: Apache 2.4.0/2.4.61 HTTP Request Smuggling... Using Custom Nuclei Template CVSS: 5.3 PoC: Via:

🚨CVE-2024-40725: Apache 2.4.0/2.4.61 HTTP Request Smuggling... Using Custom Nuclei Template CVSS: 5.3 PoC: Via:

Dark Web Informer

21,030 views • 10 months ago

JUST NOW: Robert Garcia asks Kristi Noem if she will check if Andry Hernández Romero is alive (she won’t): “It is shameful that you won’t even request to see if this young man is alive”

JUST NOW: Robert Garcia asks Kristi Noem if she will check if Andry Hernández Romero is alive (she won’t): “It is shameful that you won’t even request to see if this young man is alive”

Marco Foster

229,819 views • 1 year ago

She made a crazy and honest request. Watch and see if it was granted. 🎬

She made a crazy and honest request. Watch and see if it was granted. 🎬

DNOVA

413,641 views • 2 months ago

Train your entire life to be a pro footballer and get shouted at by this absolute attention seeker. Send a transfer request lads

Train your entire life to be a pro footballer and get shouted at by this absolute attention seeker. Send a transfer request lads

Tom 🦉

1,456,651 views • 1 month ago

#Roblox #RobloxDev Facial Unification is a non-HTTP module which converts Dynamic Faces to their classic 2D variants. It works without HTTP request, it's linked as a package so it will stay up-to-date with my manual changes. LINK:

#Roblox #RobloxDev Facial Unification is a non-HTTP module which converts Dynamic Faces to their classic 2D variants. It works without HTTP request, it's linked as a package so it will stay up-to-date with my manual changes. LINK:

Dogutsune

480,676 views • 4 months ago

🚨WIN $1000 $STRX We want to see just how global #StrikeX is! Post a pic of you using the StrikeX Wallet wherever you are for a chance to win $1000💸 To enter… 1️⃣ Like, RT & Follow 2️⃣ Download 3️⃣ Post your pic with hashtag #StrikeXWallet Good luck!

🚨WIN $1000 $STRX We want to see just how global #StrikeX is! Post a pic of you using the StrikeX Wallet wherever you are for a chance to win $1000💸 To enter… 1️⃣ Like, RT & Follow 2️⃣ Download 3️⃣ Post your pic with hashtag #StrikeXWallet Good luck!

StrikeX

19,165 views • 2 years ago