Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

93,569 views

Black Hat


Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years.
By James Kettle
Full Abstract & Presentation Materials:
www.blackhat.com/us-17/briefi...

Comments: 53
@syntasec1433 2 years ago
just now stumbling onto this. I find all of James' stuff very insightful, and his critical thinking abilities in this context are really something to be admired.
@siddharthchhetry4218 1 year ago
I love how his research got better with time :)
@PERRECTUMpl 6 years ago
Great research! Wasn't aware of this at all. Thank you for sharing.
@doyoufeel...thatyoulackcri6760 4 years ago
Words are, he is now hired by Yahoo
@alexxnica 6 years ago
Excellent presentation! Congratulations on your findings and thanks for sharing!
@thepuzzlemaker2159 4 years ago
Love how almost all the shown addresses at 27:50 from Tor have Tor in all caps at the end
@mo938 2 years ago
i've watched this like 5 times. this guy is amazing.
@ZzBloopzZ 2 years ago
Cool. Did it actually help you find any findings in the real-world? I am still having trouble on how I can apply this in real-world is there is not enough specific information. Make no mistake, the speaker is a genius.
@mo938 2 years ago
@ZzBloopzZ nice try nsa
@yoshi5113 1 year ago
and i don't really understand how to recreate this attack 😂
@mo938 1 year ago
@yoshi5113 you first need to find a target that's using a load balancer. Then you need to specially craft http requests (like modifying headers, etc..)
@jean-claudekuo3252 6 years ago
Thanks for the OAST
@xssfun 6 years ago
In first case of yahoo - how did you find the ip of the load balancer for you to update the same in host header?
@brianx2405 2 years ago
thanks blackhat & thank you james kettle. amazing bug hunter-ing and excellent packet analysis.
@RaceForMoney 6 years ago
Awesome!
@CheshireSwift 6 years ago
I'd honestly be prepared to believe the Netflix iPhone thing is them running something on an iOS simulator.
@Jixejo 4 years ago
my intuition from using netflix is that you are probably quite close to the truth there...
@avatarstudios7041 4 years ago
haa late comment James Kettle is something else guys :) what a serious research
@mahmudhasan5712 2 years ago
Awesome.
@InuYasha-SitBoy 3 years ago
i saw this guy break that code sandbox website by breaking up like 2 php commands. OG
@flawlesscode6471 3 years ago
@Houston Nash nope just a scam
@glowingone1774 3 years ago
@flawlesscode6471 I like how they think people like us fall for this 😆
@flawlesscode6471 3 years ago
@glowingone1774 yea. they pull it under every hacking video
@RAGHAVENDRASINGH17 5 years ago
Nice
@PacAnimal 6 years ago
Why do all these damn servers have access to internal infrastructure other than maybe a single port on an isolated sql server? Have any of these companies heard of the concept of a DMZ? Of multiple isolated DMZs for different purposes? They're kind of ancient concepts...
@pjsmith4471 6 years ago
dmz DONT protect them... it is easily to go more in depth in the network even the org have a web server in their DMZ
@PacAnimal 6 years ago
Don't try to be clever. If the DMZ is properly isolated, as it damn well should be, it's the same as hacking a completely different company. Leaves you no better off than you were. It's not as if a DMZ requires any access to an internal network unless you're horrible at designing networks. If the DMZ has any better access to the rest of your network than the outside does, you're doing it wrong.
@qtpie2630 5 years ago
oh you need to keep watching blackhat
@autohmae 5 years ago
What I'm also surprised about: Why do these proxies not have whitelists of what they should be connecting to. Or better use something like haproxy connect to configured backends and nothing else.
@qtpie2630 5 years ago
If there's a cable, there's probably a way.
@0xgodson119 2 years ago
neega vera maari dholarae
@Stopinvadingmyhardware 2 years ago
These days they don’t even need that. Little hypnosis on a video and they can walk right up to you and plug in devices right into your USB ports.
@adeadcrab 6 years ago
shout outs
@tobysonline4356 1 year ago
Took me three days to find this video again
@fedemtz6 4 years ago
What app is he using to send the http packets?
@xdman2956 1 year ago
17:18 how does setting the url help?
@yoloswaggins2161 5 years ago
New videos have their comments disabled, why is this?
@user-iu3ii8sq6t 5 years ago
there were too many grammar mistakes in the comments, so they just disabled them
@vaniahaddad3239 3 years ago
0:53 What's wrong with it?
@Z111211211 6 years ago
What is a ping back ?
@supercombinecp860 6 years ago
4:55
@maverickstclare3756 4 years ago
putting your hostname in the request and specifying your DNS server as authoritative so anyone that wants to know the IP of that hostname has to ask your DNS server for the IP. If the DNS lookup doesn't come from the expected destination then you can begin to explore.
@thewhitefalcon8539 11 months ago
This is internet phreaking.
@FennecTECH 5 years ago
only reason i could see doing that (that's not nasty) is silently redirecting users to the HTTPS version of the site
@LiEnby 4 years ago
sucks if you're trying to use the non-http version of the site for whatever reason... (maybe trying to see if there's some weird vulnerability w using HTTP but not HTTPS? or maybe an old device that doesn't support SSL?)
@LiEnby 4 years ago
lmfao yahoo hacked 300 times
@cipheroth 3 years ago
bad