Lab: Bypassing access controls via HTTP/2 request tunnelling

Lab: Bypassing access controls via HTTP/2 request tunnelling

Jarno Timmermans

55 лет назад

2,026 Просмотров
In-depth solution to Portswigger's "Bypassing access controls via HTTP/2 request tunnelling" lab.

👀 Check out playlist https://www.youtube.com/playlist?list=PLGb2cDlBWRUX1_7RAIjRkZDYgAB3VbUSw for all my solutions to the HTTP Request Smuggling labs from PortSwigger.

Try it yourself:
https://portswigger.net/web-security/request-smuggling/advanced/request-tunnelling/lab-request-smuggling-h2-bypass-access-controls-via-request-tunnelling

Timestamps:
00:00 - Intro
00:30 - Confirm the CRLF vulnerability
01:50 - Leak the internal headers using CRLF injection
05:30 - Smuggle a request to the admin page
09:36 - Use a HEAD request instead of GET

Тэги:

#web_security_academy #portswigger #http/2_CRLF_injection #http/2_request_tunnelling #bypass_access_controls #http_request_smuggling
Ссылки и html тэги не поддерживаются

Комментарии:

@haythamkt5607
@haythamkt5607 - 23.11.2023 19:05

rak mqawd a khay thank you so much !

Ответить
@draxler.a
@draxler.a - 03.05.2024 17:05

the content is great 👍🏻 but you talk tooooo fast 😅

Ответить
@anonymousvevo8697
@anonymousvevo8697 - 19.05.2024 17:41

what is the difference if we injected the payload into the name or the value ? i got mixed up

Ответить
Сейчас смотрят
Lab: Bypassing access controls via HTTP/2 request tunnelling 13:27
Lab: Bypassing access controls via HTTP/2 request tunnelling Jarno Timmermans
Slow na Bugi ni Shitekure – Minami Yoshitaka (Romaji Karaoke no guide) 3:22
Slow na Bugi ni Shitekure – Minami Yoshitaka (Romaji Karaoke no guide) KARAOKE UtaCchaO
Riley's dream turned into a lucid dream | Dream production #insideout2 0:52
Riley's dream turned into a lucid dream | Dream production #insideout2 PrimeBots
Which Crafting Bench is The Closest? (v4.0) 0:58
Which Crafting Bench is The Closest? (v4.0) Yatogi
This is the Tesla Model S – For Kids | CNBC 0:57
This is the Tesla Model S – For Kids | CNBC CNBC
How to set password in laptop/pc #shorts #youtubeshorts 0:15
How to set password in laptop/pc #shorts #youtubeshorts Turbo Tech
صفرتا صد اموزش تبدیل فانتوم به سونیک ونکات امنیتی; ادد کردن کانترکت و شبکه; کلیم توکن اکوال در سونیک 28:34
صفرتا صد اموزش تبدیل فانتوم به سونیک ونکات امنیتی; ادد کردن کانترکت و شبکه; کلیم توکن اکوال در سونیک crypto farsi
ASMR Intense Mouth Sounds (chewing gum) 21:22
ASMR Intense Mouth Sounds (chewing gum) Miinu Inu
@WoollyandTigOfficial- Woolly and Tig - Going Shopping! | TV Show for Kids | Toy Spider 21:45
@WoollyandTigOfficial- Woolly and Tig - Going Shopping! | TV Show for Kids | Toy Spider Woolly and Tig Official Channel
The Elder Scrolls Online ist jetzt ein BESSERES Spiel! | Alle 25 DLCs & Features erklärt 26:25
The Elder Scrolls Online ist jetzt ein BESSERES Spiel! | Alle 25 DLCs & Features erklärt Amemos ⚔️
Padi terserang wereng coklat 0:24
Padi terserang wereng coklat AlFatih_Agro
ASMR Deep in your Head heavily ( No Talking ) 36:45
ASMR Deep in your Head heavily ( No Talking ) Canary ASMR