Загрузка видео...

Не удалось загрузить видео

Возникла проблема при загрузке этого видео. Это может быть связано с временными проблемами сети или видео может быть недоступно.

На главную

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk... size If the backend times out, this indicates a potential CLTE vulnerability. Confirm the vulnerability with differential responses: 7. Create and send the attack request: - Replace previous chunk with a terminating chunk. - Add a smuggled request after the chunked body. - Append X-ignore: X (without a newline) and send. 8. Send a normal request to repeater, downgrade to HTTP/1.1 and send immediately after the attack request. If the response to the normal request is 404 instead of 200, the backend was poisoned! 🤮 Well done! To learn more about HTTP Request Smuggling and take on this lab yourself, head over the the Web Security Academy now #requestsmuggling #pentesting #bugbounty #hacking #cybersecurityshow more

Web Security Academy

135,682 subscribers

26,242 просмотров • 1 год назад •via X (Twitter)

Наука и технологии Образование

Anya Rossi• Live Now

Private livecam show

Комментарии: 2

Фото профиля A_dude

A_dude1 год назад

What's the impact pls?

Фото профиля SecBriefs | Making Cybersecurity Simple

SecBriefs | Making Cybersecurity Simple1 год назад

🧠Studying for #CompTIA #Security+ but struggling with #Cybersecurity terms?🔍 Cybersecurity Dictionary for Everyone covers everything you need to know and is available on Amazon!🔐 🚀Boost your Security+ prep with it today!💡

Похожие видео

How to manually check for CL.TE Request Smuggling Vulnerabilities: 1️⃣ See if a GET request accepts POST 2️⃣ See if it accepts HTTP/1 3️⃣ Disable "Update Content-Length" 4️⃣ Send with CL & TE headers: POST / HTTP/1.1 Host: Content-Length: 6 Transfer-Encoding: chunked 0 G 5️⃣ Send request twice. If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability! Try this out for yourself in our CL.TE lab:

How to manually check for CL.TE Request Smuggling Vulnerabilities: 1️⃣ See if a GET request accepts POST 2️⃣ See if it accepts HTTP/1 3️⃣ Disable "Update Content-Length" 4️⃣ Send with CL & TE headers: POST / HTTP/1.1 Host: Content-Length: 6 Transfer-Encoding: chunked 0 G 5️⃣ Send request twice. If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability! Try this out for yourself in our CL.TE lab:

Web Security Academy

27,902 просмотров • 10 месяцев назад

What is HTTP Downgrading, why use it, and how does it work? HTTP/2 is default for most web apps these days, however, it's not uncommon for backend servers to still use HTTP/1.1 causing parsing mismatches between frontend and backend. And that's where HTTP downgrading comes in! But what is it? HTTP downgrading is the process of forcing a request to be processed under HTTP/1.1 instead of HTTP/2. This allows you to manipulate how the frontend and backend servers interpret requests and exploit vulnerabilities unique to HTTP/1.1 parsing such as Content-Length Transfer-Encoding (CL.TE) attacks. How to downgrade HTTP/2 to HTTP/1.1 using Burp Suite 1️⃣ Open Burp Suite and Navigate to Proxy → HTTP History 2️⃣ Locate the request that is currently using HTTP/2. 3️⃣ Send the Request to Repeater 4️⃣ In the Repeater tab, open the "Inspector" panel → Request Attributes → Protocol 5️⃣ Change HTTP Version to HTTP/1.1 6️⃣ Click "Send" in Repeater. If successful, you should receive a valid response, confirming the server accepts HTTP/1.1. And that's it! You've just downgraded the HTTP protocol and confirmed that the frontend server accepts HTTP/1.1! 🥳 You are now ready to smuggle requests! If you want to learn how to exploit this, we've got a Web Academy Lab you need to check out: Thanks for reading! #requestsmuggling #cybersecurity #BurpSuite #hacking #infosec

What is HTTP Downgrading, why use it, and how does it work? HTTP/2 is default for most web apps these days, however, it's not uncommon for backend servers to still use HTTP/1.1 causing parsing mismatches between frontend and backend. And that's where HTTP downgrading comes in! But what is it? HTTP downgrading is the process of forcing a request to be processed under HTTP/1.1 instead of HTTP/2. This allows you to manipulate how the frontend and backend servers interpret requests and exploit vulnerabilities unique to HTTP/1.1 parsing such as Content-Length Transfer-Encoding (CL.TE) attacks. How to downgrade HTTP/2 to HTTP/1.1 using Burp Suite 1️⃣ Open Burp Suite and Navigate to Proxy → HTTP History 2️⃣ Locate the request that is currently using HTTP/2. 3️⃣ Send the Request to Repeater 4️⃣ In the Repeater tab, open the "Inspector" panel → Request Attributes → Protocol 5️⃣ Change HTTP Version to HTTP/1.1 6️⃣ Click "Send" in Repeater. If successful, you should receive a valid response, confirming the server accepts HTTP/1.1. And that's it! You've just downgraded the HTTP protocol and confirmed that the frontend server accepts HTTP/1.1! 🥳 You are now ready to smuggle requests! If you want to learn how to exploit this, we've got a Web Academy Lab you need to check out: Thanks for reading! #requestsmuggling #cybersecurity #BurpSuite #hacking #infosec

Web Security Academy

62,607 просмотров • 1 год назад

Here's how to deliver reflected XSS through a HTTP request smuggling vulnerability! 👇 Try this Practitioner lab now:

Here's how to deliver reflected XSS through a HTTP request smuggling vulnerability! 👇 Try this Practitioner lab now:

Web Security Academy

45,950 просмотров • 2 месяцев назад

Want to find HTTP Request Smuggling vulns without manually crafting weird requests? Check out HTTP Request Smuggler, a Burp Suite extension that automates it for you! Learn more:

Want to find HTTP Request Smuggling vulns without manually crafting weird requests? Check out HTTP Request Smuggler, a Burp Suite extension that automates it for you! Learn more:

Web Security Academy

11,696 просмотров • 1 год назад

How did I test the IDOR vulnerability that leads to all user Data leakage? 1:Change the /me endpoint to /users. 2.Change the GET method to the POST method. 3.Add the Content-Type: application/json header. 4.Add this payload to the HTTP request body. {"ids":["1"]} #bugbountytips

How did I test the IDOR vulnerability that leads to all user Data leakage? 1:Change the /me endpoint to /users. 2.Change the GET method to the POST method. 3.Add the Content-Type: application/json header. 4.Add this payload to the HTTP request body. {"ids":["1"]} #bugbountytips

Aydin Naserifard

41,353 просмотров • 2 лет назад

Supabase now provides a free easy-to-use corn job scheduler! Configure the job from the dashboard and set it to send an HTTP request or call a database or edge function periodically! View the history of the past jobs that it ran so that you can debug when something goes wrong!

Supabase now provides a free easy-to-use corn job scheduler! Configure the job from the dashboard and set it to send an HTTP request or call a database or edge function periodically! View the history of the past jobs that it ran so that you can debug when something goes wrong!

Tyler Shukert

23,977 просмотров • 1 год назад

Telcos can send monthly bill payment requests via ISO 20022 request-to-pay. Customers just click the link in the message to auto-populate the remittance info from the original request and transfer the funds. Learn about the benefits of ISO 20022 at

Telcos can send monthly bill payment requests via ISO 20022 request-to-pay. Customers just click the link in the message to auto-populate the remittance info from the original request and transfer the funds. Learn about the benefits of ISO 20022 at

20022 Labs

27,760 просмотров • 1 год назад

Supabase provides a free, easy-to-use cron job scheduler! Configure the job from the dashboard and set it to send an HTTP request or call a database or edge function periodically! View the history of the past jobs that it ran so that you can debug when something goes wrong!

Supabase provides a free, easy-to-use cron job scheduler! Configure the job from the dashboard and set it to send an HTTP request or call a database or edge function periodically! View the history of the past jobs that it ran so that you can debug when something goes wrong!

Tyler Shukert

23,289 просмотров • 1 год назад

Daily testnet interactions on Arc 🪂 1. Arc Pay-Link - go to: - Create a link to request testnet USDC - Add your wallet and the amount you want - Share the link with anyone - they click and send you the USDC 2. Veero - go to: • Save a wallet as a contact for recurring payments • Pick a contact • Enter amount • Send send usdc to your saved contacts anytime. 3. Mint arc × omnihub NFT:

Daily testnet interactions on Arc 🪂 1. Arc Pay-Link - go to: - Create a link to request testnet USDC - Add your wallet and the amount you want - Share the link with anyone - they click and send you the USDC 2. Veero - go to: • Save a wallet as a contact for recurring payments • Pick a contact • Enter amount • Send send usdc to your saved contacts anytime. 3. Mint arc × omnihub NFT:

Big-Abdul

15,841 просмотров • 1 месяц назад

$How to Find Path Delimiter Issues with Burp Suite Intruder Sometimes web servers treat special characters (like ; or ?) differently in URLs. This can lead to security issues like web cache deception or access control problems. Here's how you can test for path delimiter discrepancies: 1️⃣ Capture the Request Find a request you want to test GET /my-account HTTP/2 2️⃣ Right click the request and "Send to Intruder". In Intruder, highlight add a new position after /my-account followed by abc. It should look like this: GET /my-account§§abc HTTP/2 Attack Type = Sniper (only changing one spot). Payload: Paste a list of special characters, like this: ! # $ % & ' ( ) * + , - . / : ; = ? @ [ \ ] _ ~ ... A full list of delimiters can be found here: 3️⃣ Start the Attack Press Start Attack. Look at the Status, Length, and Response columns. Watch for differences (like bigger/smaller pages, changes to status code or different behavior) and if you notice something different then you've likely found a delimiter discrepancy! 🎉 Why is this important? When special characters confuse the server or cache, you might find: 🔸 Web cache deception: Caching personal pages by accident 🔸 Access bypass: Skipping security checks 🔸 Leaked info: Seeing data you shouldn't Try this lab for yourself and dive even deeper into how to exploit this when you find it: #BugBounty #WebSecurity #BurpSuite #EthicalHacking #Cybersecurity$

How to Find Path Delimiter Issues with Burp Suite Intruder Sometimes web servers treat special characters (like ; or ?) differently in URLs. This can lead to security issues like web cache deception or access control problems. Here's how you can test for path delimiter discrepancies: 1️⃣ Capture the Request Find a request you want to test GET /my-account HTTP/2 2️⃣ Right click the request and "Send to Intruder". In Intruder, highlight add a new position after /my-account followed by abc. It should look like this: GET /my-account§§abc HTTP/2 Attack Type = Sniper (only changing one spot). Payload: Paste a list of special characters, like this: ! # $ % & ' ( ) * + , - . / : ; = ? @ [ \ ] _ ~ ... A full list of delimiters can be found here: 3️⃣ Start the Attack Press Start Attack. Look at the Status, Length, and Response columns. Watch for differences (like bigger/smaller pages, changes to status code or different behavior) and if you notice something different then you've likely found a delimiter discrepancy! 🎉 Why is this important? When special characters confuse the server or cache, you might find: 🔸 Web cache deception: Caching personal pages by accident 🔸 Access bypass: Skipping security checks 🔸 Leaked info: Seeing data you shouldn't Try this lab for yourself and dive even deeper into how to exploit this when you find it: #BugBounty #WebSecurity #BurpSuite #EthicalHacking #Cybersecurity

Web Security Academy

18,124 просмотров • 1 год назад

Headed to Storrs to send off UConn Men's Basketball to the Final Four with an insane request for @DHurley15 Barstool Sports

Headed to Storrs to send off UConn Men's Basketball to the Final Four with an insane request for @DHurley15 Barstool Sports

Mike Mutnansky

235,246 просмотров • 2 месяцев назад

California asked the Trump Administration back in February to request relief from Congress for the Los Angeles fires. Nearly 11 months later, Trump has failed to send Congress that request — and his FEMA won't even schedule a meeting to discuss it.

California asked the Trump Administration back in February to request relief from Congress for the Los Angeles fires. Nearly 11 months later, Trump has failed to send Congress that request — and his FEMA won't even schedule a meeting to discuss it.

Governor Gavin Newsom

136,465 просмотров • 6 месяцев назад

BREAKING: 🇫🇷🇺🇸 France has rejected a request from Donald Trump and says it will not send warships to the Strait of Hormuz.

BREAKING: 🇫🇷🇺🇸 France has rejected a request from Donald Trump and says it will not send warships to the Strait of Hormuz.

War Radar

13,727 просмотров • 2 месяцев назад

What is happening in Los Angeles is not normal. It is not normal to send in the National Guard without a request from the governor. It is not normal to conduct indiscriminate raids on our immigrant population. Let LA return to normal. Get the National Guard out.

What is happening in Los Angeles is not normal. It is not normal to send in the National Guard without a request from the governor. It is not normal to conduct indiscriminate raids on our immigrant population. Let LA return to normal. Get the National Guard out.

Mayor Karen Bass

857,051 просмотров • 11 месяцев назад

#CommandYourDay with Rorisangt as we lift our spirits up with a song. Send us a voice note and request a song on the Mighty METRO

#CommandYourDay with Rorisangt as we lift our spirits up with a song. Send us a voice note and request a song on the Mighty METRO

METROFM SABC

13,603 просмотров • 2 лет назад

Introducing Prompt Request You can now send prompt request and maintainer can accept it and run it with an agent

Introducing Prompt Request You can now send prompt request and maintainer can accept it and run it with an agent

Beka

23,591 просмотров • 3 месяцев назад

Train your entire life to be a pro footballer and get shouted at by this absolute attention seeker. Send a transfer request lads

Train your entire life to be a pro footballer and get shouted at by this absolute attention seeker. Send a transfer request lads

Tom 🦉

1,456,457 просмотров • 1 месяц назад

This is the state of few new breed of so called educated liberal Bong girls, insulting Rabindra Nath Tagore and the National Anthem. Request Kolkata Police to have a look at this video, and if possible send these girls to rehabilitation center.

This is the state of few new breed of so called educated liberal Bong girls, insulting Rabindra Nath Tagore and the National Anthem. Request Kolkata Police to have a look at this video, and if possible send these girls to rehabilitation center.

Oxomiya Jiyori 🇮🇳

414,554 просмотров • 3 лет назад

Upon popular request: Learn how to set up Payload with Supabase to create a powerful backend for your Next.js app🖤💚

Upon popular request: Learn how to set up Payload with Supabase to create a powerful backend for your Next.js app🖤💚

Payload

30,824 просмотров • 2 лет назад