Researcher bypasses Azure, and Cloudflare Reverse Proxy Security - HTTP/2 Smuggling (h2c)
The Backend Engineering Show with Hussein Nasser - En podcast af Hussein Nasser
Kategorier:
6 months ago, Jake Miller released a blog article and python tool describing H2C smuggling, or http2 over cleartext smuggling. By using an obscure feature of http2, an attacker could bypass authorization controls on reverse proxies. Sean managed to leverage Jack’s original research to bypass reverse proxy rules, lets discuss My original Video on Jack’s h2c smuggling https://youtu.be/B2VEQ3jFq6Q This article https://blog.assetnote.io/2021/03/18/h2c-smuggling/