Learn Security Online
[Advertise With HackThisSite.org]

Hack This Site - Forums Index

HTTP Request Smuggling

What's the best way to setup a home network? Why should I care about BGP?
Post a reply

HTTP Request Smuggling

Post by Draymire on Fri Jun 04, 2010 9:49 pm
([msg=39523]see HTTP Request Smuggling[/msg])

If I am understanding This correctly than I could modify this to allow me to bypass a proxy assuming the proxy blocks by DNS and not IPs.

Code: Select all
GET /some_page.jsp?param1=value1&param2=
Content-Type: application/x-www-form-
Content-Length: 0
Foobar: GET /mypage.jsp HTTP/1.0
Cookie: my_id=1234567
Authorization: Basic ugwerwguwygruwy


Like so
Code: Select all
GET 64.32.24.200
Content-Type: application/x-www-form-
Content-Length: 0
Foobar: GET /forums HTTP/1.0
Cookie: appropriate cookies for HTS
***other headers needed***


Or assuming it checks both DNS and IP i could use this

Code: Select all
GET / HTTP/1.0
X-DecoyHost: www.google.ca
Host: www.hackthissite.org


Please correct me where I am wrong. I know it is somewhere.
Baba Ram Dass "The quieter you become, the more you can hear"
User avatar
Draymire
Poster
Poster
 
Posts: 129
Joined: Sun Nov 22, 2009 12:01 am
Blog: View Blog (0)
Post a reply

Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
Powered by phpBB © 2000-2009 phpBB Group
Carbon Style By Echo -=Designs By Echo=- © 2007 Echo
Administration Control Panel