PortSwigger Research at Black Hat USA and DEF CON
Watch the PortSwigger Research presentations from DEF CON.
Gotta Cache 'em All: Bending the Rules of Web Cache Exploitation
Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls
Read the white papers
Gotta Cache 'em All: Bending the Rules of Web Cache Exploitation
This paper explores how different HTTP servers and proxies behave when parsing specially crafted URLs, and examines ambiguities in the RFC that lead to path confusion.
Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls
In this paper, Gareth Heyes shows you how to turn email parsing discrepancies into access control bypasses and even RCE.
Listen to the Whispers: Web Timing Attacks that Actually Work
James Kettle unleashes novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack surface.