HTTP request smuggling: Difference between revisions

From Wikipedia, the free encyclopedia
More citations needed
m Reverted 1 edit by 4everbrillent (talk) to last revision by Serols
Line 1: Line 1:
{{More citations needed|date=July 2022}}{{short description|Web security vulnerability}}
{{short description|Web security vulnerability}}
{{HTTP}}
{{HTTP}}
'''HTTP request smuggling''' is a [[security exploit]] on the [[HTTP]] protocol that uses inconsistency between the interpretation of [[List of HTTP header fields#content-length-response-header|<code>Content-Length</code>]] and/or [[List of HTTP header fields#transfer-encoding-response-header|<code>Transfer-Encoding</code>]] headers between HTTP server implementations in an [[HTTP proxy server]] chain.<ref>{{Cite web|url=https://cwe.mitre.org/data/definitions/444.html|title=CWE - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (4.0)|website=cwe.mitre.org|access-date=2020-03-13}}</ref><ref name="portswigger1">{{Cite web|url=https://portswigger.net/web-security/request-smuggling|title=What is HTTP request smuggling? Tutorial & Examples {{!}} Web Security Academy|website=portswigger.net|access-date=2020-03-13}}</ref> It was first documented in 2005 by Linhart et al.<ref name="HRS">{{cite web|url=https://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf|title=HTTP request smuggling|date=2005|last=Linhart|first=Chaim|last2=Klein|first2=Amit|last3=Heled|first3=Ronen|last4=Orrin|first4=Steve}}</ref>
'''HTTP request smuggling''' is a [[security exploit]] on the [[HTTP]] protocol that uses inconsistency between the interpretation of [[List of HTTP header fields#content-length-response-header|<code>Content-Length</code>]] and/or [[List of HTTP header fields#transfer-encoding-response-header|<code>Transfer-Encoding</code>]] headers between HTTP server implementations in an [[HTTP proxy server]] chain.<ref>{{Cite web|url=https://cwe.mitre.org/data/definitions/444.html|title=CWE - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (4.0)|website=cwe.mitre.org|access-date=2020-03-13}}</ref><ref name="portswigger1">{{Cite web|url=https://portswigger.net/web-security/request-smuggling|title=What is HTTP request smuggling? Tutorial & Examples {{!}} Web Security Academy|website=portswigger.net|access-date=2020-03-13}}</ref> It was first documented in 2005 by Linhart et al.<ref name="HRS">{{cite web|url=https://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf|title=HTTP request smuggling|date=2005|last=Linhart|first=Chaim|last2=Klein|first2=Amit|last3=Heled|first3=Ronen|last4=Orrin|first4=Steve}}</ref>
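Review bot: the only change in this hunk is dropping {{More citations needed|date=July 2022}} while keeping {{short description|Web security vulnerability}}, and the revert summary gives no reason the maintenance tag was wrong; in the rendered revision below, every statement in the Types and Prevention sections is sourced to the single PortSwigger reference ([2]), so the concern the tag raised is still visible after the revert. If the tag is to stay out, the summary should say why, or the sections should gain a second source.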

Revision as of 17:18, 19 August 2022

HTTP request smuggling is a security exploit on the HTTP protocol that takes advantage of inconsistencies in how the Content-Length and/or Transfer-Encoding headers are interpreted by the different HTTP server implementations in an HTTP proxy server chain.[1][2] It was first documented in 2005 by Linhart et al.[3]

Types

CL.TE

In this type of HTTP request smuggling, the front-end server processes the request using the Content-Length header, while the back-end server processes the same request using the Transfer-Encoding header.[2]

TE.CL

In this type of HTTP request smuggling, the front-end server processes the request using the Transfer-Encoding header, while the back-end server processes the same request using the Content-Length header.[2]

TE.TE

In this type of HTTP request smuggling, the front-end and back-end servers both process the request using the Transfer-Encoding header, but the header is obfuscated (for example by nonstandard whitespace formatting or duplicate headers) in a way that makes one of the servers, but not the other, ignore it.[2]

Prevention

HTTP/2 is not vulnerable to request smuggling attacks because it uses a different method for determining the length of a request. Another way to avoid the attack is for the front-end server to normalize HTTP requests before passing them to the back end, ensuring that both servers interpret them in the same way.[2]
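As an added example (not from the article or the sources it cites), the following Python program implements the front-end normalization described under Prevention and checks for the header ambiguities behind the three variants listed under Types. It parses one HTTP/1.1 request, lists the reasons its framing is ambiguous (both length headers present, duplicate or non-canonical Transfer-Encoding, conflicting Content-Length values), applies the RFC 7230 section 3.3.3 precedence rule (Transfer-Encoding wins, Content-Length is dropped), and emits a dechunked body with a single Content-Length. The function names, the strict-mode policy and the three sample requests are this example's own constructions.

```python
"""Added example: a front-end request normalizer for HTTP/1.1 (not from the
article). Function names, the strict policy and the samples are constructed.
"""
import re

CRLF = b"\r\n"


def split_headers(raw: bytes):
    """Split a raw request into (request line, [(name, value)], body bytes)."""
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(CRLF)
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        # The name is kept unstripped: whitespace before the colon is one of
        # the TE.TE obfuscations and must stay visible to the checks below.
        headers.append((name, value.strip()))
    return lines[0], headers, body


def framing_problems(headers):
    """List the reasons this request's framing is ambiguous (empty if none)."""
    te = [(n, v) for n, v in headers if n.strip().lower() == b"transfer-encoding"]
    cl = [v for n, v in headers if n.strip().lower() == b"content-length"]
    problems = []
    if te and cl:
        problems.append("both Transfer-Encoding and Content-Length present")
    if len(te) > 1:
        problems.append("duplicate Transfer-Encoding headers")
    if len(set(cl)) > 1:
        problems.append("conflicting Content-Length values")
    if any(n != n.strip() for n, _ in te):
        problems.append("whitespace around Transfer-Encoding field name")
    if any(v.lower() != b"chunked" for _, v in te):
        problems.append("Transfer-Encoding value other than exactly 'chunked'")
    if any(not re.fullmatch(rb"[0-9]+", v) for v in cl):
        problems.append("non-numeric Content-Length")
    return problems


def dechunk(body: bytes):
    """Decode a chunked body; return (payload, bytes left after the last chunk)."""
    out, pos = bytearray(), 0
    while True:
        end = body.find(CRLF, pos)
        if end < 0:
            raise ValueError("truncated chunk-size line")
        size_field = body[pos:end].split(b";")[0].strip()   # drop chunk extensions
        if not re.fullmatch(rb"[0-9A-Fa-f]+", size_field):
            raise ValueError("bad chunk size: %r" % size_field)
        size = int(size_field, 16)
        pos = end + 2
        if size == 0:
            break
        if body[pos + size:pos + size + 2] != CRLF:
            raise ValueError("chunk data does not match declared size")
        out += body[pos:pos + size]
        pos += size + 2
    # After the zero-size chunk come optional trailers and a blank line.
    term = body.find(CRLF + CRLF, pos - 2)
    if term < 0:
        raise ValueError("missing chunked-body terminator")
    return bytes(out), body[term + 4:]


def normalize_request(raw: bytes, strict: bool = True):
    """Return (normalized request, problems, leftover bytes).

    strict=True rejects any ambiguous request, the safe policy for a front
    end; strict=False shows what the RFC precedence rule alone would do.
    """
    request_line, headers, body = split_headers(raw)
    problems = framing_problems(headers)
    if strict and problems:
        raise ValueError("rejected ambiguous request: " + "; ".join(problems))
    te = [v for n, v in headers if n.strip().lower() == b"transfer-encoding"]
    cl = [v for n, v in headers if n.strip().lower() == b"content-length"]
    if te:                                   # Transfer-Encoding takes precedence
        payload, leftover = dechunk(body)
    elif cl:
        length = int(cl[0])
        if len(body) < length:
            raise ValueError("body shorter than Content-Length")
        payload, leftover = body[:length], body[length:]
    else:
        payload, leftover = b"", body
    kept = [n.strip() + b": " + v for n, v in headers
            if n.strip().lower() not in (b"transfer-encoding", b"content-length")]
    kept.append(b"Content-Length: " + str(len(payload)).encode())
    return CRLF.join([request_line] + kept) + CRLF + CRLF + payload, problems, leftover


def is_rejected(raw: bytes) -> bool:
    """True if the strict normalizer refuses the request."""
    try:
        normalize_request(raw, strict=True)
        return False
    except ValueError:
        return True


# Constructed samples. AMBIGUOUS carries both framing headers, so a parser
# honouring Content-Length (19 = len(b"0\r\n\r\nTRAILING-BYTES")) consumes the
# whole body while one honouring Transfer-Encoding stops after the 0 chunk.
AMBIGUOUS = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 19\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"0\r\n\r\nTRAILING-BYTES")
CLEAN = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
         b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
OBFUSCATED = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
              b"Transfer-Encoding : chunked\r\n\r\n0\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("ambiguous", AMBIGUOUS), ("obfuscated", OBFUSCATED)):
        try:
            print(label, "->", normalize_request(req))
        except ValueError as err:
            print(label, "->", err)
```

The leftover bytes returned by the non-strict path are the part of the request the two framings disagree about; a front end that forwards a normalized request with exactly one Content-Length, and rejects anything for which `framing_problems` is non-empty, gives the back end nothing left to reinterpret.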

References

  1. "CWE - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (4.0)". cwe.mitre.org. Retrieved 2020-03-13.
  2. "What is HTTP request smuggling? Tutorial & Examples | Web Security Academy". portswigger.net. Retrieved 2020-03-13.
  3. Linhart, Chaim; Klein, Amit; Heled, Ronen; Orrin, Steve (2005). "HTTP request smuggling" (PDF).