Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

93,316 views

Black Hat

1 day ago

Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years.
By James Kettle
Full Abstract & Presentation Materials:
www.blackhat.com/us-17/briefi...

COMMENTS: 53
@syntasec1433 2 years ago
Just now stumbling onto this. I find all of James' stuff very insightful, and his critical thinking abilities in this context are really something to be admired.
@siddharthchhetry4218 1 year ago
I love how his research got better with time :)
@alexxnica 6 years ago
Excellent presentation! Congratulations on your findings and thanks for sharing!
@jean-claudekuo3252 6 years ago
Thanks for the OAST
@PERRECTUMpl 6 years ago
Great research! Wasn't aware of this at all. Thank you for sharing.
@doyoufeel...thatyoulackcri6760 4 years ago
Word is, he is now hired by Yahoo
@thepuzzlemaker2159 3 years ago
Love how almost all the shown addresses at 27:50 from Tor have Tor in all caps at the end
@mo938 2 years ago
I've watched this like 5 times. This guy is amazing.
@ZzBloopzZ 2 years ago
Cool. Did it actually help you find any findings in the real world? I am still having trouble with how I can apply this in the real world, as there is not enough specific information. Make no mistake, the speaker is a genius.
@mo938 2 years ago
@ZzBloopzZ nice try NSA
@yoshi5113 1 year ago
And I don't really understand how to recreate this attack 😂
@mo938 1 year ago
@yoshi5113 You first need to find a target that's using a load balancer. Then you need to specially craft HTTP requests (like modifying headers, etc.)
@RaceForMoney 6 years ago
Awesome!
@xssfun 6 years ago
In the first case of Yahoo - how did you find the IP of the load balancer for you to update the same in the Host header?
@brianx2405 2 years ago
Thanks Black Hat & thank you James Kettle. Amazing bug hunting and excellent packet analysis.
@mahmudhasan5712 2 years ago
Awesome.
@CheshireSwift 6 years ago
I'd honestly be prepared to believe the Netflix iPhone thing is them running something on an iOS simulator.
@Jixejo 4 years ago
My intuition from using Netflix is that you are probably quite close to the truth there...
@avatarstudios7041 4 years ago
Haa, late comment. James Kettle is something else, guys :) What serious research.
@RAGHAVENDRASINGH17 5 years ago
Nice
@0xgodson119 2 years ago
You're on another level, boss.
@adeadcrab 6 years ago
shout outs
@tobysonline4356 1 year ago
Took me three days to find this video again
@PacAnimal 6 years ago
Why do all these damn servers have access to internal infrastructure other than maybe a single port on an isolated SQL server? Have any of these companies heard of the concept of a DMZ? Of multiple isolated DMZs for different purposes? They're kind of ancient concepts...
@pjsmith4471 6 years ago
DMZs DON'T protect them... it is easy to go more in depth into the network even if the org has a web server in their DMZ
@PacAnimal 6 years ago
Don't try to be clever. If the DMZ is properly isolated, as it damn well should be, it's the same as hacking a completely different company. Leaves you no better off than you were. It's not as if a DMZ requires any access to an internal network unless you're horrible at designing networks. If the DMZ has any better access to the rest of your network than the outside does, you're doing it wrong.
@qtpie2630 5 years ago
Oh, you need to keep watching Black Hat
@autohmae 5 years ago
What I'm also surprised about: why do these proxies not have whitelists of what they should be connecting to? Or better, use something like HAProxy to connect to configured backends and nothing else.
@qtpie2630 5 years ago
If there's a cable, there's probably a way.
@InuYasha-SitBoy 3 years ago
I saw this guy break that code sandbox website by breaking up like 2 PHP commands. OG
@flawlesscode6471 3 years ago
@Houston Nash Nope, just a scam
@glowingone1774 3 years ago
@flawlesscode6471 I like how they think people like us fall for this 😆
@flawlesscode6471 3 years ago
@glowingone1774 Yea. They pull it under every hacking video
@Stopinvadingmyhardware 2 years ago
These days they don’t even need that. Little hypnosis on a video and they can walk right up to you and plug in devices right into your USB ports.
@yoloswaggins2161 5 years ago
New videos have their comments disabled, why is this?
@user-iu3ii8sq6t 5 years ago
There were too many grammar mistakes in the comments, so they just disabled them
@fedemtz6 4 years ago
What app is he using to send the http packets?
@xdman2956 1 year ago
17:18 How does setting the URL help?
@vaniahaddad3239 3 years ago
0:53 What's wrong with it?
@alexc4924 9 months ago
This is internet phreaking.
@Z111211211 6 years ago
What is a pingback?
@supercombinecp860 6 years ago
4:55
@maverickstclare3756 4 years ago
Putting your hostname in the request and specifying your DNS server as authoritative, so anyone that wants to know the IP of that hostname has to ask your DNS server for the IP. If the DNS lookup doesn't come from the expected destination, then you can begin to explore.
@LiEnby 4 years ago
lmfao Yahoo hacked 300 times
@FennecTECH 5 years ago
Only reason I could see doing that (that's not nasty) is silently redirecting users to the HTTPS version of the site
@LiEnby 4 years ago
Sucks if you're trying to use the non-HTTPS version of the site for whatever reason... (maybe trying to see if there's some weird vulnerability with using HTTP but not HTTPS? Or maybe an old device that doesn't support SSL?)
@cipheroth 3 years ago
bad