User:BrandonS23/sandbox: Difference between revisions

Line 1: Line 1:
{{short description|Web security vulnerability}}
{{HTTP}}
'''HTTP request smuggling''' is a [[security exploit]] on the [[HTTP]] protocol that uses inconsistency between the interpretation of [[List of HTTP header fields#content-length-response-header|<code>Content-Length</code>]] and/or [[List of HTTP header fields#transfer-encoding-response-header|<code>Transfer-Encoding</code>]] headers between HTTP server implementations in an [[HTTP proxy server]] chain.<ref>{{Cite web|url=https://cwe.mitre.org/data/definitions/444.html|title=CWE - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (4.0)|website=cwe.mitre.org|access-date=2020-03-13}}</ref><ref name="portswigger1">{{Cite web|url=https://portswigger.net/web-security/request-smuggling|title=What is HTTP request smuggling? Tutorial & Examples {{!}} Web Security Academy|website=portswigger.net|access-date=2020-03-13}}</ref> It was first documented in 2005 by Linhart et al.<ref name="HRS">{{cite web|url=https://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf|title=HTTP request smuggling|date=2005|last=Linhart|first=Chaim|last2=Klein|first2=Amit|last3=Heled|first3=Ronen|last4=Orrin|first4=Steve}}</ref>

==Types==
{{One source|section|date=November 2021}}
===CL.TE===
In this type of HTTP request smuggling, the front end processes the request using Content-Length header while backend processes the request using Transfer-Encoding header.<ref name="portswigger1" />

===TE.CL===
In this type of HTTP request smuggling, the front end processes request using Transfer-Encoding header while backend processes the request using Content-Length header.<ref name="portswigger1" />

===TE.TE===
In this type of HTTP request smuggling, the front end and backend both process the request using Transfer-Encoding header, but the header can be obfuscated in a way (for example by nonstandard whitespace formatting or duplicate headers) that makes one of the servers but not the other one ignore it.<ref name="portswigger1" />

==Prevention==
[[HTTP/2]] is not vulnerable to request smuggling attacks as it uses a different method for determining the length of a request. Another method of avoiding the attack is for the frontend server to normalize HTTP requests before passing them to the backend, ensuring that they get interpreted in the same way. <ref name="portswigger1" />

== References ==
{{reflist}}

[[Category:Web security exploits]]
[[Category:Hypertext Transfer Protocol headers]]


{{Web-stub}}


{{User sandbox}}
{{User sandbox}}
<!-- EDIT BELOW THIS LINE -->
<!-- EDIT BELOW THIS LINE -->

Revision as of 15:48, 6 December 2022

HTTP request smuggling is a security exploit on the HTTP protocol that uses inconsistencies in how the HTTP server implementations in an HTTP proxy server chain interpret the Content-Length and/or Transfer-Encoding headers.[1][2] It was first documented in 2005 by Linhart et al.[3]

Types

CL.TE

In this type of HTTP request smuggling, the front end processes the request using the Content-Length header while the back end processes the request using the Transfer-Encoding header.[2]

TE.CL

In this type of HTTP request smuggling, the front end processes the request using the Transfer-Encoding header while the back end processes the request using the Content-Length header.[2]

TE.TE

In this type of HTTP request smuggling, the front end and back end both process the request using the Transfer-Encoding header, but the header can be obfuscated (for example by nonstandard whitespace formatting or duplicate headers) in a way that makes one of the servers, but not the other, ignore it.[2]

Prevention

HTTP/2 is not vulnerable to request smuggling attacks as it uses a different method for determining the length of a request. Another method of avoiding the attack is for the front-end server to normalize HTTP requests before passing them to the back end, ensuring that they get interpreted in the same way.[2]
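
As an added example (not part of the article or its sources), the sketch below shows one strict form of the front-end check described under Prevention: rather than rewriting a request, it reports every reason an HTTP/1.1 request's body framing could be read differently by two servers, covering the CL.TE, TE.CL and TE.TE header patterns above. The function name, the reject-on-any-issue policy and the sample requests are assumptions constructed for illustration.

```python
import re

# RFC 7230 field-name "token": no whitespace allowed before the colon.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def framing_issues(raw: bytes) -> list[str]:
    """Return the reasons a request's body framing is ambiguous ([] = safe to forward)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    issues, cl, te = [], [], []
    for line in head.split(b"\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.match(name):
            # Catches "Transfer-Encoding : chunked", leading tabs and folded lines.
            issues.append("malformed header line")
            continue
        value = value.strip(b" \t")
        if name.lower() == b"content-length":
            cl.append(value)
        elif name.lower() == b"transfer-encoding":
            te.append(value.lower())
    if cl and te:                                   # CL.TE / TE.CL precondition
        issues.append("both Content-Length and Transfer-Encoding present")
    if len(cl) > 1:
        issues.append("duplicate Content-Length")
    if any(not v.isdigit() for v in cl):
        issues.append("non-numeric Content-Length")
    if len(te) > 1:                                 # TE.TE via duplicate headers
        issues.append("duplicate Transfer-Encoding")
    if any(v != b"chunked" for v in te):            # assumed policy: only plain chunked
        issues.append("Transfer-Encoding is not exactly 'chunked'")
    return issues

# Constructed sample requests; the bodies are harmless placeholders.
BASE = b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "plain": BASE + b"Content-Length: 3\r\n\r\nabc",
    "cl_and_te": BASE + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "space_before_colon": BASE + b"Transfer-Encoding : chunked\r\n\r\n0\r\n\r\n",
    "duplicate_te": BASE + b"Transfer-Encoding: chunked\r\n"
                           b"Transfer-Encoding: identity\r\n\r\n0\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        problems = framing_issues(request)
        print(label, "->", "forward" if not problems else f"reject: {problems}")
```

A front end applying this policy would answer any request with a non-empty result with a 400 response and close the connection instead of forwarding it.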

References

  1. "CWE - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (4.0)". cwe.mitre.org. Retrieved 2020-03-13.
  2. "What is HTTP request smuggling? Tutorial & Examples | Web Security Academy". portswigger.net. Retrieved 2020-03-13.
  3. Linhart, Chaim; Klein, Amit; Heled, Ronen; Orrin, Steve (2005). "HTTP request smuggling" (PDF).



Audience Centric Model

Writing in Liberalism Divided, published in 1996, Owen Fiss argues that in public discourse it is imperative that some be silenced so that other ideas can be heard. In Fiss' view, freedom of speech is not about the right of the speaker to speak but about the right of the audience to hear all ideas of value. To achieve this, Fiss acknowledges that the government must take on the role of a parliamentarian and silence those whose speech pushes others' ideas of value out of public discourse. In this line of thinking, it is public debate that is protected. While there are certainly merits to the ability to participate in speech, Fiss argues that the collective good of the right to free speech is realized through the audience and not the speaker.

Fiss observes that in today's world this line of thought can be applied heavily to the way our media operates. With relatively few 'speakers' (i.e. channels like CBS and ABC) holding a majority of the audience, it is important that the government regulate their control and ensure that all ideas can make it to the marketplace of ideas, where they can then be crushed or supported by the people.

Campaign finance reform

Fiss' view is aptly applied in the political sphere and has substantial significance in this context. Because of this, he is an advocate of strong regulation of political campaigns:

We may sometimes find it necessary to "restrict the speech of some elements of our society in order to enhance the relative voice of others," and that unless the [Supreme] Court allows, and sometimes even requires the state to do so, we as a people will never truly be free.[1]