Scomurr's Blog - Page 8 of 19 - Play for serendipity...

Security, Web Attacks

HTTP Request Smuggling – Stealing Session Cookies

We’re getting to the good stuff now! We’ve moved past theory again with this lab and now we’re using a smuggled request to mine session cookies. This is the 8th blog post in the series I am publishing dealing with…

scomurr
01/04/2023

Security, Web Attacks

HTTP Request Smuggling – Identifying Frontend Request Rewriting and Exploiting

This is the 7th blog post in the series I am publishing dealing with Request Smuggling or Desync vulnerabilities and attacks. These posts align to the PortSwigger Web Security Academy labs (here). Just as in the past two posts, this…

scomurr
01/02/2023

Security, Web Attacks

HTTP Request Smuggling – Bypassing Frontend Security Controls Part 2

This is the 6th blog post in the series I am publishing dealing with Request Smuggling or Desync vulnerabilities and attacks. These posts align to the PortSwigger Web Security Academy labs (here). The first four posts deal with theory and…

scomurr
12/23/2022

Security, Web Attacks

HTTP Request Smuggling – Bypassing Frontend Security Controls

This is the next blog post in the series I am publishing dealing with Request Smuggling or Desync vulnerabilities and attacks. These posts align to the PortSwigger Web Security Academy labs (here). The first four posts deal with theory and…

scomurr
12/21/2022

Security, Web Attacks

HTTP Request Smuggling – Finding and Exploiting via Differential Responses

This is the continuation of the series I am publishing that aligns to the PortSwigger Web Security Academy labs on Request Smuggling or Desync vulnerabilities and attacks (here). In this post, I will be dealing with identifying and exploiting these…

scomurr
12/19/2022