Find the room here: https://tryhackme.com/room/http2requestsmuggling
Task 1 Introduction
In this room, we'll look at ways to smuggle requests through proxies that use HTTP/2. Even though HTTP/2 was designed to prevent request smuggling, we'll show how, in certain specific scenarios, requests can still be smuggled, and even more easily.
Deploy the VM before continuing.
No answer needed
Task 2 HTTP/2 Explained
Which version of the HTTP protocol uses \r\n to separate headers in a request?
HTTP/1.1
Which version of the HTTP protocol uses a binary format and clearly defines boundaries for elements in requests/responses?
HTTP/2
Task 3 HTTP/2 Desync
Repeat the request shown in the practical example against the app and wait for a user to fall for our trap. What is the username of the victim user who liked our post?
THM{my_name_is_a_flag}
Task 4 HTTP/2 Request Tunneling
Click and continue learning!
No answer needed
Task 5 HTTP/2 Request Tunneling: Leaking Internal Headers
What's the value of the leaked internal header?
THM{not_secret_anymore}
Task 6 HTTP/2 Request Tunneling: Bypassing Frontend Restrictions
What is the value of the flag in /admin?
THM{staff_only}
Task 7 HTTP/2 Request Tunneling: Web Cache Poisoning
What is the value of the cookie stolen using web cache poisoning?
THM{nom_nom_cookies}
Task 8 h2c Smuggling
What's the value of the flag on /private?
THM{walls_are_a_suggestion}
Task 9 Conclusion
Click and continue learning!
No answer needed