HTTP Request Smuggling - False Positives

Подписаться 16 тыс.

Просмотров 13 тыс.

50% 1

I had a chance to work together with Google Bug Hunters on a video regarding HTTP Request Smuggling false positives. This is the result.
▶️ RU-vid: / pinkdraconian
🎁 Patreon: / pinkdraconian
🐦 Twitter: / pinkdraconian
🎵 TikTok: / pinkdraconian
ℹ️ LinkedIn: / robbe-van-roey-365666195
📞 Discord: PinkDraconian#9907
📷 Instagram: / robbevanroey
🕸️ Website: pinkdraconian.d...
👨‍💻 HackTheBox: www.hackthebox...
🤖 Reddit: / pinkdraconian
☁️ Steam: steamcommunity...
🐈 GitHub: github.com/Pin...

Опубликовано:

9 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 53

@SurpriseExecution 7 месяцев назад

Very well explained! I earlier read PortSwiggers material about request smuggling, but this video basically clarified a lot of this topic :)

@PinkDraconian 7 месяцев назад

Thanks! Happy to hear that this video helped so much!

@AidinNaserifard 2 года назад

Great video, keep it up , bro💜👊

@PinkDraconian 2 года назад

Thank you!

@jlinscott8529 2 года назад

Great stuff, as always, mate! I definitely want to look into HTTP smuggling, and HTTP desync, more now. Thanks!

@PinkDraconian 2 года назад

It's a very interesting vulnerability. I was mindblown by it at first!

@pwnearth5505 2 года назад

@@PinkDraconian thanks 👍🏼♥️

@SalmanKhan.78692 2 года назад

Awesome content for cyber security 🔥🔥🔥

@PinkDraconian 2 года назад

Thank you so much!

@lancemarchetti8673 Год назад

Loving this channel !!

@PinkDraconian Год назад

Aww thanks!

@camelotenglishtuition6394 Год назад

Great video dude... I really love these types of attacks, I also prefer not to scan and do most work manually..

@SeanCallahan52 10 месяцев назад

Request smuggling is so cool. Idk why but it’s one of my favorite attacks.

@PinkDraconian 10 месяцев назад

Same, I love this attack. I think it still has so much research potential as well!

@SeanCallahan52 10 месяцев назад

@@PinkDraconian 💯, James Kettle has some nice material on it. Still a ton left to be uncovered!

@CristiVladZ 9 месяцев назад

Really good explanation

@PinkDraconian 9 месяцев назад

Thank you Cristi, means a lot coming from you!

@angryman9333 Год назад

I needed that pipelining method thank you, hopefully it works out :)

@PinkDraconian Год назад

Best of luck!

@faresmahmoud7826 2 года назад

very great , You solved a very difficult puzzle .... thanks so much😍

@PinkDraconian Год назад

You are welcome 😊

@BugBountyReportsExplained 2 года назад

I'm going to send here anyone that DMs me with a HRS false-positive

@PinkDraconian 2 года назад

Thank you! Let's get these false positive reports out of the world!

@khayla_matthews 2 года назад

Very interesting video! 👍🏾 thanks for sharing

@PinkDraconian 2 года назад

Thank you for watching!

@pwnearth5505 2 года назад

🔥🔥🔥👍🏼

@PinkDraconian 2 года назад

🧯🚒👩‍🚒

@MusicLover-bp2cc 2 года назад

Thank you. I will subscribe.

@PinkDraconian Год назад

Thanks for the sub!

@nigelcarruthers335 2 года назад

I run across a lot of false positives with AWS load balancers.

@PinkDraconian 2 года назад

Good to know! I read about this but wasn't able to reproduce myself. Didn't try for too long tho!

@ibrahimmuhammad4194 2 года назад

Thank you!

@PinkDraconian 2 года назад

Thank you!

@rubenrodenascebrian3855 8 месяцев назад

I really liked your video. Could you tell me which app you use to create the images? It looks very nice.

@PinkDraconian 7 месяцев назад

Thank you very much. I use the Adobe suite for all images shown.

@HaiderAli-hm4lb 6 месяцев назад

Hey! This video is great. I had a question. Are specific endpoints of a website vulnerable to HTTP Request smuggling or a website as a whole is vulnerable to HTTP Request smuggling?

@PinkDraconian 6 месяцев назад

This vulnerability exists at a lower level than specific endpoints, so it will likely be all endpoints.

@ARZ10198 2 года назад

good stuff < 3

@PinkDraconian 2 года назад

Thanks

@UnexpectedTokenJs 10 месяцев назад

Hi, what about servers like s3 (only for statics) under a balancer like f5 ? Exist the vulnerability? T thanks

@PinkDraconian 10 месяцев назад

It all depends on the setup and whether the component is vulnerable. www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/

@hackerexploit8890 Год назад

How we spot the HTTP Request Smuggling Vulne .

@PinkDraconian Год назад

There's a great PortSwigger academy article on this!

@trijnvanroey6894 2 года назад

Second Comment

@PinkDraconian 2 года назад

Woohoo!

@wolfie6512 2 года назад

Third Comment!

@PinkDraconian 2 года назад

What an achievement!

@aamara_btw4817 2 года назад

Fourth comment

@PinkDraconian 2 года назад

Yahoooooooo! Well done!

@lordsixth5944 2 года назад

How old are You buddy?

@PinkDraconian 2 года назад

I'm 22 :)

@bjarne9700 Месяц назад

Great video - I understand the desync aspect but what I dont understand is how this could be exploited. From my current understanding, worst that could happen is that another user gets the response to the request I smuggled in. For example I request /indext.html and smuggle /404.html. The user that sends the next request will receive my 404 response. How could this behavior be levaraged to pose any harm outside of a DOS attack - giving as many people as possible 404s

@PinkDraconian 25 дней назад

There are loads of way of further weaponizing request smuggling. Here's a great article by PortSwigger: portswigger.net/web-security/request-smuggling/exploiting