In this next lab, we have to go a bit deeper into the differences between how HTTP and HTTP/2 are transferred over the wire and then ultimately processed by a web application. Once again, we are going to be going…

In the previous lab we looked at a H2.TE vulnerability. To exploit, we needed to upgrade the request from HTTP to HTTP/2 and rely on the frontend to downgrade back down to HTTP for its communication with the backend system.…

This is a unique attack and takes advantage of an implementation that accepts HTTP/2 requests but then downgrades the requests to HTTP when communicating with the backend systems. The weakness surfaces in how the Transfer-Encoding header is handled by the…

In this post, we’re going to be looking at utilizing the headers within a smuggled request to fire a cross site scripting payload. This is the 9th blog post in the series I am publishing dealing with Request Smuggling or…

We’re getting to the good stuff now! We’ve moved past theory again with this lab and now we’re using a smuggled request to mine session cookies. This is the 8th blog post in the series I am publishing dealing with…