Empirical Study of HTTP Request Smuggling in Open-Source Servers and Proxies

Sammanfattning: During the last couple of decades cybersecurity has become increasingly important for society. As more and more of our lives turn digital, the security of the web becomes more important to its everyday users. HTTP Request Smuggling (HRS) is a vulnerability which arises when web servers and proxies interpret the length of a single HTTP request differently. In this study empirical testing was used to find parsing behaviours which could lead to HRS in six popular proxies and six servers. A literature study was conducted to compile a corpus containing requests adopting all known HRS techniques and different variations of them. A test harness was built to enable automatic sending of requests and recording of responses. The responses were then manually analysed to identify behaviours vulnerable to HRS. In total 17 vulnerable behaviours were found and by combining the proxies with the servers two almost full and three full attacks could be performed. At least one behaviour which went against the HTTP specification was found in every system tested, however, not all of these behaviours enabled HRS. In conclusion most of the proxies had strict parsing and did not accept requests which could lead to HRS. The servers however were not so strict.