An official website of the United States government
Modern web applications involve multiple HTTP processors on the traffic path, each acting as a reverse proxy and processing client requests. Even when such proxies are secure in isolation, when combined into complex systems, minor HTTP parsing discrepancies between them can lead to various severe attacks such as cache poisoning and HTTP request smuggling attacks. We propose Gudifu, a new approach that improves the state-of- the-art HTTP differential fuzzing approaches in two main ways: 1) taking a graybox fuzzing approach to probe the parsing behavior of HTTP proxies and 2) using a new algorithm which is capable of searching for discrepancies in the entire HTTP request. These improvements lead to the discovery of significantly more parsing discrepancies and discrepancy-based attack vectors which were previously unknown.
more »
« less
- Home
- Search Results
- Page 1 of 1
Search for: All records
Creators/Authors contains:
"Onarlioglu, Kaan"
-
Total Resources2
- Resource Type
-
0002000000000000
- More
- Availability
-
20
- Author / Contributor
- Filter by Author / Creator
-
-
Gavazzi, Anthony (2)
-
Jabiyev, Bahruz (2)
-
Kirda, Engin (2)
-
Onarlioglu, Kaan (2)
-
#Tyler Phillips, Kenneth E. (0)
-
#Willis, Ciara (0)
-
& Abreu-Ramos, E. D. (0)
-
& Abramson, C. I. (0)
-
& Abreu-Ramos, E. D. (0)
-
& Adams, S.G. (0)
-
& Ahmed, K. (0)
-
& Ahmed, Khadija. (0)
-
& Aina, D.K. Jr. (0)
-
& Akcil-Okan, O. (0)
-
& Akuom, D. (0)
-
& Aleven, V. (0)
-
& Andrews-Larson, C. (0)
-
& Archibald, J. (0)
-
& Arnett, N. (0)
-
& Arya, G. (0)
-
- Filter by Editor
-
-
& Spizer, S. M. (0)
-
& . Spizer, S. (0)
-
& Ahn, J. (0)
-
& Bateiha, S. (0)
-
& Bosch, N. (0)
-
& Brennan K. (0)
-
& Brennan, K. (0)
-
& Chen, B. (0)
-
& Chen, Bodong (0)
-
& Drown, S. (0)
-
& Ferretti, F. (0)
-
& Higgins, A. (0)
-
& J. Peters (0)
-
& Kali, Y. (0)
-
& Ruiz-Arias, P.M. (0)
-
& S. Spitzer (0)
-
& Sahin. I. (0)
-
& Spitzer, S. (0)
-
& Spitzer, S.M. (0)
-
(submitted - in Review for IEEE ICASSP-2024) (0)
-
-
Have feedback or suggestions for a way to improve these results?
!
Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher.
Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?
Some links on this page may take you to non-federal websites. Their policies may differ from this site.
-
-
Jabiyev, Bahruz; Gavazzi, Anthony; Onarlioglu, Kaan; Kirda, Engin (, The 27th International Symposium on Research in Attacks, Intrusions and Defenses (RAID))
Full Text Available