Introduction
Request smuggling traditionally focuses on issues within the communication between frontend and backend servers or between backend servers in a or load-balancing setup. Less attention has been directed toward understanding how these vulnerabilities manifest, and can be explicitly exploited, in the way web browsers interpret and handle smuggled requests.
Desynchronizing the interpretation of requests within browsers adds a layer of complexity and opens up new possibilities for exploitation. This new technique necessitates only the desynchronization of the front-end server, impacting the victim's connection with their browser.
Objectives
- Understand what Request Browser Desync is and its impact
- Identify Browser Request Smuggling vulnerabilities in web applications
- Exploit the vulnerability in a controlled environment
Pre-requisites
- A strong understanding of the protocol
- Prior experience with traditional Request Smuggling techniques in Server-side contexts
- An understanding of client-side attacks is foundational
