all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

Add to bookmarks
Aug. 10, 2022, 6 p.m. |

PortSwigger Research portswigger.net

The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessib

attacks browser frontier http http request smuggling request request smuggling smuggling

Visit resource

More from portswigger.net / PortSwigger Research

Making Desync attacks easy with TRACE 1 month, 2 weeks ago | portswigger.net
attacks can constraints easy +8
Using form hijacking to bypass CSP 1 month, 4 weeks ago | portswigger.net
bypass can configuration csp +6
Top 10 web hacking techniques of 2023 2 months, 2 weeks ago | portswigger.net
community hacking identify research +7
Hiding payloads in Java source code strings 3 months, 1 week ago | portswigger.net
abuse can code conceal +5
Top 10 web hacking techniques of 2023 - nominations open 3 months, 3 weeks ago | portswigger.net
blog blog posts community hacking +8
Finding that one weird endpoint, with Bambdas 4 months, 3 weeks ago | portswigger.net
act balancing act concepts endpoint +6
Blind CSS Exfiltration: exfiltrate unknown web pages 4 months, 4 weeks ago | portswigger.net
css discover exfiltration gif +3
The single-packet attack: making remote race-conditions 'local' 6 months, 2 weeks ago | portswigger.net
attack conditions effectively http +10
How to build custom scanners for web security research automation 7 months ago | portswigger.net
aid attack automation build +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Intern, Cyber Security Vulnerability Management

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Compliance - Global Privacy Office - Associate - Bengaluru

@ Goldman Sachs | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cyber Security Engineer (m/w/d) Operational Technology

@ MAN Energy Solutions | Oberhausen, DE, 46145
View on infosec-jobs.com

Armed Security Officer - Hospital

@ Allied Universal | Sun Valley, CA, United States
View on infosec-jobs.com

Governance, Risk and Compliance Officer (Africa)

@ dLocal | Lagos (Remote)
View on infosec-jobs.com

Junior Cloud DevSecOps Network Engineer

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com
View more jobs