Back to directory

WRITEUP #2388

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

OtherHTTP request smugglingDesync attack

by@albinowax(James Kettle)

Program

AWSAmazonAkamaiCiscoVerisignPulse SecureVarnish

Published

Aug 10, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://portswigger.net/research/browser-powered-desync-attacks

▸ RELATED WRITEUPS

Gudifu: Guided Differential Fuzzing for HTTP Request Parsing Discrepancies

OtherWeb cache poisoning

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Ghost In The Ppl Part 1: Byovdll

OtherUse-After-Free

Built with ❤️ by Shubham Rawat