I was reading about desync attacks and wondered how multiple client requests are handled over a single TCP or TLS connection. When a poisoned request is smuggled by the attacker and forwarded by the proxy server to the backend server over a single stream, how does the backend server differentiate between clients? I guess the proxy server just forwards the incoming HTTP requests to the respective backend servers.
from hacking: security in practice https://ift.tt/2FTJh9N