Security and Communication Networks
 2022
DOI: 10.1155/2022/3121177
|View full text |Cite
|
Sign up to set email alerts
|

Attacking Websites: Detecting and Preventing HTTP Request Smuggling Attacks

Qi-Xian Huang
1
,
Min-Yi Chiu
2
,
Ying-Feng Chen
3
et al.

Abstract: Until the development of HTTP request smuggling in 2005, individual HTTP requests were considered as independent entities and could not be split or merged. This is a security problem caused by inconsistent content length interpretation approach between web servers, or the web server is not fully implemented in accordance with the RFC standard. It is especially dangerous for web services with complex web architectures. It can route the victims to receive malicious responses, amplify the impact of certain low-th… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1

Citation Types

0
1
0

Publication Types

Select...
1

Relationship

0
1

Authors

Journals

citations
Cited by 1 publication
(1 citation statement)
references
References 13 publications
0
1
0
Order By: Relevance
“…A research article titled "Attacking Websites: Detecting and Preventing HTTP Request Smuggling Attacks " explained that inconsistent content length interpretation between web servers is specifically dangerous for web services with complex web architectures. It can route the victims to receive malicious responses, steal user credentials, or bypass network devices' defenses [25].…”
Section: Browser Powered Desync As a Variant Of Http Request Smugglingmentioning
confidence: 99%

Exploration of browser-powered desync attacks via HTTP/3

Muvaffak
0
0
0
0
View full textAdd to dashboardCite
“…A research article titled "Attacking Websites: Detecting and Preventing HTTP Request Smuggling Attacks " explained that inconsistent content length interpretation between web servers is specifically dangerous for web services with complex web architectures. It can route the victims to receive malicious responses, steal user credentials, or bypass network devices' defenses [25].…”
Section: Browser Powered Desync As a Variant Of Http Request Smugglingmentioning
confidence: 99%

Exploration of browser-powered desync attacks via HTTP/3

Muvaffak
0
0
0
0
View full textAdd to dashboardCite
scite logo

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Product
Browser ExtensionAssistant by sciteCitation Statement SearchReference CheckVisualizationsDashboardsExplore JournalsExplore OrganizationsExplore FundersEmbedding BadgeEmbedding Citation SearchPricing
Resources
BlogHelp & FAQAccessibility StatementAPI TermsFor Universities & GovernmentsFor ResearchersFor PublishersFor Corporate, Pharma & EnterpriseAuthor MarketingBecome an AffiliateGet an organization trial or quotescite Data & Services
About
News & PressCareersRead our PaperCoverage

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

BlogTerms and ConditionsAPI TermsPrivacy PolicyContactCookie PreferencesDo Not Sell or Share My Personal Information

Copyright © 2025 scite LLC. All rights reserved.

Made with 💙 for researchers

Part of the Research Solutions Family.