GITBOOK-4388: No subject

CPol 2024-08-21 13:45:38 +00:00 committed by gitbook-bot
parent 63a99c33e1
commit 1eac4cf2cc
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

@ -42,9 +42,9 @@ In the same research, it was shared that the timing technique was great to disco
Once an scoped open proxy is discovered, it was possible to find valid targets by parsing known subdomains of the target and this allowed to:
* **Bypass firewalls** by accessing restricted subdomains via the open proxy instead of through internet
* Checking subdomains it was even possible to discover and access internal subdomains not publicly known
* **Front-End impersonation attacks**: Front-end servers normally add headers for the backend. In open proxies, if you are able to find these headers (which you might be able to do using Timing attacks again), you will be able to set these headers and gather further access.
* **Bypass firewalls** by accessing restricted subdomains via the **open proxy** instead of through internet
* Moreover, abusing an **open proxy** it's also possible to **discover new subdomains only accessible internally.**
* **Front-End impersonation attacks**: Front-end servers normally add headers for the backend like `X-Forwarded-For` or `X-Real-IP`. Open proxies that receives these headers will add them to the requested endpoint, therefore, an attacker could be able to access even more internal domains by adding these headers will whitelisted values.
## References
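Review bot: The rewritten "Front-End impersonation attacks" bullet has two wording errors that change how it reads: "Open proxies that receives these headers" should be "receive", and "by adding these headers will whitelisted values" should be "with whitelisted values". The rewrite also drops the earlier remark that the headers might be found using timing attacks again. Since the surrounding section is about the timing technique, consider keeping that clause so the bullet still ties back to it. In the second new bullet the closing period sits inside the bold markers ("internally.**"), so move it outside for consistency with the first bullet. The unchanged lead-in line "Once an scoped open proxy is discovered" should read "a scoped" and could be fixed in the same change. Finally, the commit subject is "No subject", and a one-line summary of the wording change would make the history easier to follow.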