HTTP Request Smuggling - False Positives

Рет қаралды 12,124

Жыл бұрын

I had a chance to work together with Google Bug Hunters on a video regarding HTTP Request Smuggling false positives. This is the result.
▶️ KZfaq: kzfaq.info
🎁 Patreon: www.patreon.com/PinkDraconian
🐦 Twitter: PinkDraconian
🎵 TikTok: www.tiktok.com/@pinkdraconian
ℹ️ LinkedIn: www.linkedin.com/in/robbe-van-roey-365666195/
📞 Discord: PinkDraconian#9907
📷 Instagram: robbevanroey
🕸️ Website: pinkdraconian.d4rkc0de.com/
👨‍💻 HackTheBox: www.hackthebox.eu/home/users/profile/129531
🤖 Reddit: www.reddit.com/user/PinkDraconian
☁️ Steam: steamcommunity.com/id/PinkDraconian
🐈 GitHub: github.com/PinkDraconian

Пікірлер: 51

@lancemarchetti8673 Жыл бұрын

Loving this channel !!

@PinkDraconian Жыл бұрын

Aww thanks!

@SurpriseExecution 5 ай бұрын

Very well explained! I earlier read PortSwiggers material about request smuggling, but this video basically clarified a lot of this topic :)

@PinkDraconian 5 ай бұрын

Thanks! Happy to hear that this video helped so much!

@jlinscott8529 Жыл бұрын

Great stuff, as always, mate! I definitely want to look into HTTP smuggling, and HTTP desync, more now. Thanks!

@PinkDraconian Жыл бұрын

It's a very interesting vulnerability. I was mindblown by it at first!

@pwnearth5505 Жыл бұрын

@@PinkDraconian thanks 👍🏼♥️

@AidinNaserifard Жыл бұрын

Great video, keep it up , bro💜👊

@PinkDraconian Жыл бұрын

Thank you!

@angryman9333 Жыл бұрын

I needed that pipelining method thank you, hopefully it works out :)

@PinkDraconian Жыл бұрын

Best of luck!

@camelotenglishtuition6394 Жыл бұрын

Great video dude... I really love these types of attacks, I also prefer not to scan and do most work manually..

@khayla_matthews Жыл бұрын

Very interesting video! 👍🏾 thanks for sharing

@PinkDraconian Жыл бұрын

Thank you for watching!

@SalmanKhan.78692 Жыл бұрын

Awesome content for cyber security 🔥🔥🔥

@PinkDraconian Жыл бұрын

Thank you so much!

@faresmahmoud7826 Жыл бұрын

very great , You solved a very difficult puzzle .... thanks so much😍

@PinkDraconian Жыл бұрын

You are welcome 😊

@ibrahimmuhammad4194 Жыл бұрын

Thank you!

@PinkDraconian Жыл бұрын

Thank you!

@CristiVladZ 6 ай бұрын

Really good explanation

@PinkDraconian 6 ай бұрын

Thank you Cristi, means a lot coming from you!

@MusicLover-bp2cc Жыл бұрын

Thank you. I will subscribe.

@PinkDraconian Жыл бұрын

Thanks for the sub!

@ARZ10198 Жыл бұрын

good stuff < 3

@PinkDraconian Жыл бұрын

Thanks

@BugBountyReportsExplained Жыл бұрын

I'm going to send here anyone that DMs me with a HRS false-positive

@PinkDraconian Жыл бұрын

Thank you! Let's get these false positive reports out of the world!

@SeanCallahan52 7 ай бұрын

Request smuggling is so cool. Idk why but it’s one of my favorite attacks.

@PinkDraconian 7 ай бұрын

Same, I love this attack. I think it still has so much research potential as well!

@SeanCallahan52 7 ай бұрын

@@PinkDraconian 💯, James Kettle has some nice material on it. Still a ton left to be uncovered!

@rubenrodenascebrian3855 5 ай бұрын

I really liked your video. Could you tell me which app you use to create the images? It looks very nice.

@PinkDraconian 5 ай бұрын

Thank you very much. I use the Adobe suite for all images shown.

@HaiderAli-hm4lb 4 ай бұрын

Hey! This video is great. I had a question. Are specific endpoints of a website vulnerable to HTTP Request smuggling or a website as a whole is vulnerable to HTTP Request smuggling?

@PinkDraconian 4 ай бұрын

This vulnerability exists at a lower level than specific endpoints, so it will likely be all endpoints.

@pwnearth5505 Жыл бұрын

🔥🔥🔥👍🏼

@PinkDraconian Жыл бұрын

🧯🚒👩‍🚒

@oscarsobrevilla21 7 ай бұрын

Hi, what about servers like s3 (only for statics) under a balancer like f5 ? Exist the vulnerability? T thanks

@PinkDraconian 7 ай бұрын

It all depends on the setup and whether the component is vulnerable. www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/