Web cache deception - PortSwigger

Contents

0 of 36

Web caches 0 of 3

Cache keys

Cache rules

Constructing a web cache deception attack 0 of 3

Constructing a web cache deception attack

Using a cache buster

Detecting cached responses

Exploiting static extension cache rules 0 of 1

Exploiting static extension cache rules

Using path mapping discrepancies 0 of 4

Path mapping discrepancies

Path mapping discrepancies - Continued

Exploiting path mapping discrepancies

Lab: Exploiting path mapping for web cache deception APPRENTICE

Using delimiter discrepancies 0 of 7

Delimiter discrepancies

Delimiter discrepancies - Continued

Exploiting delimiter discrepancies

Exploiting delimiter discrepancies - Continued

Lab: Exploiting path delimiters for web cache deception PRACTITIONER

Using delimiter decoding discrepancies 0 of 3

Delimiter decoding discrepancies

Delimiter decoding discrepancies - Continued

Exploiting delimiter decoding discrepancies

Exploiting static directory cache rules 0 of 1

Exploiting static directory cache rules

Using normalization discrepancies 0 of 10

Normalization discrepancies

Detecting normalization by the origin server

Detecting normalization by the cache server

Detecting normalization by the cache server - Continued

Exploiting normalization by the origin server

Lab: Exploiting origin server normalization for web cache deception PRACTITIONER

Exploiting normalization by the cache server

Exploiting normalization by the cache server - Continued

Lab: Exploiting cache server normalization for web cache deception PRACTITIONER

Exploiting file name cache rules 0 of 3

Exploiting file name cache rules

Detecting normalization discrepancies

Exploiting normalization discrepancies

Preventing vulnerabilities 0 of 1

Preventing web cache deception vulnerabilities