all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Making Desync attacks easy with TRACE

Add to bookmarks
March 19, 2024, 2 p.m. |

PortSwigger Research portswigger.net

Have you ever found an HTTP desync vulnerability that seemed impossible to exploit due to its complicated constraints? In this blogpost we will explore a new exploitation technique that can be used to

attacks can constraints easy exploit exploitation found http http desync making trace vulnerability

Visit resource

More from portswigger.net / PortSwigger Research

Refining your HTTP perspective, with bambdas 3 days, 14 hours ago | portswigger.net
clue cors headers http +9
Introducing SignSaboteur: forge signed web tokens with ease 1 week, 3 days ago | portswigger.net
authentication authorization beyond depth +9
Making Desync attacks easy with TRACE 2 months, 1 week ago | portswigger.net
attacks can constraints easy +8
Using form hijacking to bypass CSP 2 months, 3 weeks ago | portswigger.net
bypass can configuration csp +6
Top 10 web hacking techniques of 2023 3 months, 1 week ago | portswigger.net
community hacking identify research +7
Hiding payloads in Java source code strings 4 months, 1 week ago | portswigger.net
abuse can code conceal +5
Top 10 web hacking techniques of 2023 - nominations open 4 months, 3 weeks ago | portswigger.net
blog blog posts community hacking +8
Finding that one weird endpoint, with Bambdas 5 months, 2 weeks ago | portswigger.net
act balancing act concepts endpoint +6
Blind CSS Exfiltration: exfiltrate unknown web pages 5 months, 3 weeks ago | portswigger.net
css discover exfiltration gif +3

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com