HTTP Desync Attacks: Request Smuggling Reborn

Black Hat 31,279 views 5 years ago

HTTP requests are traditionally viewed as isolated, standalone entities. In this session, I'll introduce techniques for remote, unauthenticated attackers to smash through this isolation and splice their requests into others, through which I was able to play puppeteer with the web infrastructure of numerous commercial and military systems, rain exploits on their visitors, and harvest over $70k in bug bounties.

By James Kettle

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#http-desync-attacks-request-smuggling-reborn-18313