Tag burp

In the previous lab we looked at a H2.TE vulnerability. To exploit, we needed to upgrade the request from HTTP to HTTP/2 and rely on the frontend to downgrade back down to HTTP for its communication with the backend system.…

This is a unique attack and takes advantage of an implementation that accepts HTTP/2 requests but then downgrades the requests to HTTP when communicating with the backend systems. The weakness surfaces in how the Transfer-Encoding header is handled by the…

In this post, we’re going to be looking at utilizing the headers within a smuggled request to fire a cross site scripting payload. This is the 9th blog post in the series I am publishing dealing with Request Smuggling or…

We’re getting to the good stuff now! We’ve moved past theory again with this lab and now we’re using a smuggled request to mine session cookies. This is the 8th blog post in the series I am publishing dealing with…

This is the 7th blog post in the series I am publishing dealing with Request Smuggling or Desync vulnerabilities and attacks. These posts align to the PortSwigger Web Security Academy labs (here). Just as in the past two posts, this…