HTTP request smuggling: Difference between revisions
Infinityfana (talk | contribs) m →CL.TE Tag: Reverted |
Infinityfana (talk | contribs) m →TE.CL Tag: Reverted |
||
Line 11: | Line 11: | ||
===TE.CL=== |
===TE.CL=== |
||
In this type of HTTP request smuggling, the front end processes request using Transfer-Encoding header while backend processes the request using Content-Length header.<ref name="portswigger1" /> |
In this type of HTTP request smuggling, the front end processes request using Transfer-Encoding header while backend processes the request using Content-Length header.<ref name="portswigger1" /> |
||
https://videopay.is/?ref=143877 |
|||
===TE.TE=== |
===TE.TE=== |
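Review bot: the only line this revision adds to the TE.CL section is a bare URL with a ?ref= affiliate parameter. It cites nothing and has no connection to the paragraph on Transfer-Encoding versus Content-Length handling. Drop it so the paragraph ends at the portswigger1 reference, and check this contributor's CL.TE edit listed in the header for the same kind of link.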
Revision as of 08:25, 1 February 2022
HTTP request smuggling is a security exploit on the HTTP protocol that uses inconsistency in the interpretation of the Content-Length and/or Transfer-Encoding headers between HTTP server implementations in an HTTP proxy server chain.[1][2] It was first documented in 2005 by Linhart et al.[3]
Types
This section relies largely or entirely on a single source. (November 2021)
CL.TE
In this type of HTTP request smuggling, the front end processes the request using the Content-Length header while the back end processes the request using the Transfer-Encoding header.[2]
TE.CL
In this type of HTTP request smuggling, the front end processes the request using the Transfer-Encoding header while the back end processes the request using the Content-Length header.[2]
TE.TE
In this type of HTTP request smuggling, the front end and back end both process the request using the Transfer-Encoding header, but the header can be obfuscated (for example by nonstandard whitespace formatting or duplicate headers) in a way that makes one of the servers, but not the other, ignore it.[2]
Prevention
HTTP/2 is not vulnerable to request smuggling attacks as it uses a different method for determining the length of a request. Another method of avoiding the attack is for the front-end server to normalize HTTP requests before passing them to the back end, ensuring that they get interpreted in the same way.[2]
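The front-end check described above can be made concrete as a validator that refuses any request head whose body framing could be read two ways. The following is an added example, not code from the article or its sources; the function name `framing_problems`, the strict accept-only-`chunked` policy and the sample request heads are assumptions constructed for illustration.

```python
import re

# RFC 9110 "token": the only characters allowed in a header field name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def framing_problems(raw_head: bytes) -> list[str]:
    """Return reasons to reject a request head; an empty list means one reading only."""
    head = raw_head.split(b"\r\n\r\n", 1)[0]
    problems = []
    if b"\r" in head.replace(b"\r\n", b"") or b"\n" in head.replace(b"\r\n", b""):
        problems.append("bare CR or LF in header section")
    cl_values, te_values = [], []
    for line in head.split(b"\r\n")[1:]:          # [1:] skips the request line
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.fullmatch(name):
            # Covers "Transfer-Encoding : chunked", folded lines and similar
            # spellings that one server may honour and another ignore (TE.TE).
            problems.append(f"malformed header line {line!r}")
            continue
        if name.lower() == b"content-length":
            cl_values.append(value.strip(b" \t"))
        elif name.lower() == b"transfer-encoding":
            te_values.append(value.strip(b" \t"))
    if cl_values and te_values:                   # the CL.TE / TE.CL precondition
        problems.append("Content-Length and Transfer-Encoding both present")
    if len(set(cl_values)) > 1 or any(not v.isdigit() for v in cl_values):
        problems.append("Content-Length conflicting or not a plain number")
    if len(te_values) > 1 or any(v.lower() != b"chunked" for v in te_values):
        problems.append("Transfer-Encoding duplicated or not exactly 'chunked'")
    return problems

# Constructed request heads (no bodies), one per case discussed above.
SAMPLES = {
    "clean": b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 11\r\n\r\n",
    "cl+te": b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 6\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n",
    "te-space": b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
                b"Transfer-Encoding : chunked\r\n\r\n",
    "te-dup": b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
              b"Transfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, "->", framing_problems(head) or "accept")
```

Rejecting outright, rather than picking one header and forwarding, removes the disagreement between servers instead of guessing which reading the back end will take.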
References
- "CWE - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (4.0)". cwe.mitre.org. Retrieved 2020-03-13.
- "What is HTTP request smuggling? Tutorial & Examples | Web Security Academy". portswigger.net. Retrieved 2020-03-13.
- Linhart, Chaim; Klein, Amit; Heled, Ronen; Orrin, Steve (2005). "HTTP request smuggling" (PDF).