Smuggling HTTP headers through reverse proxies

Summary: Under some conditions, it is possible to smuggle HTTP headers through a reverse proxy, even if it was explicitly unset before. This is possible in some cases due to HTTP header normalization and parser differentials. Because HTTP headers are commonly used as way to pass authentication data to the backend (for example in mutual TLS scenarios), this can lead to critical vulnerabilities.

This full article was published on my employeers technical security blog here

See Also

Title Tags Link
Bug Bounty: Bypassing a crappy WAF to exploit a blind SQL injection Read →
Re-using socket FDs vs reverse shell Read →
Solving ROP primer level2 Read →
CVE-2016-5195 (Dirtycow) Local Root PoC Read →
Webanalyze, utility to uncover technologies used on websites. Read →