The Backend Engineering Show with Hussein Nasser artwork

Researcher bypasses Google, Azure, and Cloudflare Reverse Proxy Security - HTTP/2 Smuggling (h2c)

The Backend Engineering Show with Hussein Nasser

English - March 26, 2021 18:50 - 14 minutes - 13.1 MB - ★★★★★ - 5 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: High severity flaw can crash your WebServer when using OpenSSL - Let us discuss
Next Episode: What happens when your Backend Web Server Certificate Private Key is Leaked?

6 months ago, Jake Miller released a blog article and python tool describing H2C smuggling, or http2 over cleartext smuggling. By using an obscure feature of http2, an attacker could bypass authorization controls on reverse proxies. 




 Sean managed to leverage Jack’s original research to bypass reverse proxy rules, lets discuss  My original Video on Jack’s h2c smuggling https://youtu.be/B2VEQ3jFq6Q This article  https://blog.assetnote.io/2021/03/18/h2c-smuggling/

---

Send in a voice message: https://anchor.fm/hnasr/message