Comments on: HTTP Cache Poisoning

By: Anonymous

Anonymous — Fri, 10 Feb 2012 00:31:00 +0000

From what I can remember the language field was the only input field in the form, its arbitrary. Substitute it with any text input field on the form you are attacking basically…

By: DForget

DForget — Fri, 10 Feb 2012 00:19:00 +0000

Excellent write-up! One thing I don’t get is how a hacker would know to use “language=” other than having WebScarab or Wireshark on the network to pick up the request. Sure that’as a logical guess but in reality…?

By: santhosh

santhosh — Thu, 12 May 2011 09:35:40 +0000

Refer the following for video tutorial of http splitting http://yehg.net/lab/pr0js/training/view/owasp/webgoat/WebGoat_Simulation_General/WebGoat_Simulation_General.html

By: David Harvey

David Harvey — Fri, 06 May 2011 21:22:27 +0000

Awesome write up. Thanks.

By: frank

frank — Wed, 06 Apr 2011 00:42:28 +0000

@Samarth sorry, I don’t know of any video I think you just need to stick at it and keep track of the requests and responses as closely as possible to figure out whats going on, HTH :-)

By: Samarth Sharma

Samarth Sharma — Tue, 29 Mar 2011 19:58:45 +0000

hi,

http splitting is still giving me the headache , can you email me the link where

there is any vedio representation of these attacks are given………….

thanks
samarth sharma

By: oam

oam — Sun, 23 May 2010 07:26:29 +0000

The HTTP splitting lesson is giving me a headache too.
However I think that when you say “The second “correct” response from the server is lost I’m guessing, because the browser responds to the first response it receives.” this assumption is wrong.
See http://infond.blogspot.com/2010/04/tutorial-http-splitting-attack-with.html

By: 5 XSS Exploits You Should Know About (& how to prevent them) | Deadly Technology

Fri, 19 Jun 2009 15:39:33 +0000

[...] on from my HTTP Splitting post, this post rounds up 5 common cross site scripting (xss) attacks and how to prevent [...]