Web Security
Catalogue of my video solutions for PortSwigger's Web Security Academy labs.
Web Cache Poisoning
All the videos below are included in my Web Cache Poisoning playlist:
- Lab: Web cache poisoning with an unkeyed header
- Lab: Web cache poisoning with an unkeyed cookie
- Lab: Web cache poisoning with multiple headers
- Lab: Targeted web cache poisoning using an unknown header
- Lab: Exploit a DOM vulnerability via a cache with strict cacheability criteria
- Lab: Combining web cache poisoning vulnerabilities
- Lab: Web cache poisoning via an unkeyed query string
- Lab: Web cache poisoning via an unkeyed query parameter
- Lab: Web Cache Poisoning with Parameter Cloaking
- Lab: Web Cache Poisoning with URL Normalization
HTTP Request Smuggling
All the videos below are included in my HTTP Request Smuggling playlist:
- Lab: HTTP request smuggling, basic CL.TE vulnerability
- Lab: HTTP request smuggling, basic TE.CL vulnerability
- Lab: HTTP request smuggling, obfuscating the TE header
- Lab: Confirming a CL.TE vulnerability via differential responses – HTTP Request Smuggling
- Lab: Confirming a TE.CL vulnerability via differential responses – HTTP Request Smuggling
- Lab: Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE vulnerability
- Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability
- Lab: Exploiting HTTP request smuggling to reveal front-end request rewriting
- Lab: Exploiting HTTP request smuggling to capture other users' requests
- Lab: Exploiting HTTP request smuggling to deliver reflected XSS
- Lab: Exploiting HTTP request smuggling to perform web cache poisoning
- Lab: Exploiting HTTP request smuggling to perform web cache deception
- Lab: H2.CL request smuggling
- Lab: Response Queue Poisoning via H2.TE request smuggling
- Lab: HTTP/2 request smuggling via CRLF injection
- Lab: HTTP/2 request splitting via CRLF injection
- Lab: Bypassing access controls via HTTP/2 request tunnelling
- Lab: Web cache poisoning via HTTP/2 request tunnelling
- Lab: CL.0 request smuggling
- Lab: Client-Side Desync
- Lab: Server-side pause-based request smuggling