markasoftware an hour ago
Very true, this was likely an attack. Worth noting that Mr. Kettle has done a DEF CON talk nearly every year on some variant of this attack, the most recent one titled "HTTP/1.1 must die" because he rightfully believes that switching to the binary headers of HTTP/2 (specifically in reverse proxy connections to upstream servers) is the only way to systematically prevent these.
albinowax_ an hour ago
I’ll be back next month with a load of fresh vectors in “Can AI Do Novel Security Research? Meet the HTTP Terminator” https://portswigger.net/research/talks?talkId=36 Maybe my last presentation on the topic! Possibly.