burp suite – HTTP Desync Attacks – TE.CL vs. Site

I've created a website that is hosted in Amazon AWS and uses AWSELB. I teach myself the security of web applications as I learn the evolution. That's why I've done a couple of site checks with BurpSuite. I've detected some XSS vulnerabilities, manually checked and fixed them, but I've also received one for HTTP Request Smuggling. I've reviewed the information PortSwigger provides on this topic, and I think I understand the general idea here. Based on what I see, the site may be vulnerable to TE.CL, but I'm having trouble checking it. The burp tool informs me that the vulnerability is based on the following request and response:

Post /site/path HTTP/1.1
Host: www.somehost.com
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: Chunked
Content-Length: 26
Connection: keep-alive
Cookie: sessionid=; sessionid.sig=; AWSALB=;

f
7dj19=x&dsa8k=x
0

and the answer:

HTTP/1.1 504 Gateway Time-out
Server: awselb/2.0
Date: 
Content-Type: text/html
Content-Length: 550
Connection: keep-alive
Set-Cookie: AWSALB=; Expires=date GMT; Path=/


504 Gateway Time-out

504 Gateway Time-out

I've tried to use the smuggler tool PortSwigger suggests, but apparently 504 is the only error that suggests it's a vuln is 504. I've done some searches, but I could not find any examples that have a 504. The answer the site displays is prone to this kind of thing. If someone could give guidance, he would be very grateful.
Thanks a lot!

burp suite – HTTP smuggling attacks – TE.CL vs Site

I've created a website that is hosted in Amazon AWS and uses AWSELB. I teach myself the security of web applications as I learn the evolution. That's why I've done a couple of site checks with BurpSuite. I've detected some XSS vulnerabilities, manually checked and fixed them, but I've also received one for HTTP Request Smuggling. I've reviewed the information PortSwigger provides on this topic, and I think I understand the general idea here. Based on what I see, the site may be vulnerable to TE.CL, but I'm having trouble checking it. The burp tool informs me that the vulnerability is based on the following request and response:

Post /site/path HTTP/1.1
Host: www.somehost.com
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: Chunked
Content-Length: 26
Connection: keep-alive
Cookie: sessionid=; sessionid.sig=; AWSALB=;

f
7dj19=x&dsa8k=x
0

and the answer:

HTTP/1.1 504 Gateway Time-out
Server: awselb/2.0
Date: 
Content-Type: text/html
Content-Length: 550
Connection: keep-alive
Set-Cookie: AWSALB=; Expires=date GMT; Path=/


504 Gateway Time-out

504 Gateway Time-out

I've tried to use the smuggler tool PortSwigger suggests, but apparently 504 is the only error that suggests it's a vuln is 504. I've done some searches, but I could not find any examples that have a 504. The answer the site displays is prone to this kind of thing. If someone could give guidance, he would be very grateful.
Thanks a lot!

Linux – How to redirect HTTP requests in Apache using ProxyPass

I work with OpenProject and pgAdmin.

While OpenProject configures itself completely, I am allowed to connect it from the outside http://ip-address/openproject

I'm trying to do the same for pgAdmin (listening on port 5050). So I did:

  • in the config.py File I changed DEFUALT_SERVER = 0.0.0.0 as recommended in a file,
  • in the pgadmin4.conf in the /etc/httpd/conf.d I have written

    
      ServerName MY_IP_ADDRESS
      DocumentRoot /usr/lib/python2.7/site-packages/pgadmin4-web/
    
      LoadModule wsgi_module modules/mod_wsgi.so
      WSGIDaemonProcess pgadmin processes=1 threads=25
      WSGIScriptAlias /pgadmin4 /usr/lib/python2.7/site-packages/pgadmin4-web/pgAdmin4.wsgi
    
      ProxyRequests off
    
      ProxyPass /pgadmin/ http://127.0.0.1:5050/ retry=0
      ProxyPassReverse /pgadmin/ http://127.0.0.1:5050/
    
    

I can connect to pgAdmin from another local computer http://my-ip-addres:5050/I can not connect hhtp://my-ip-address/pgadmin,

What am I doing wrong? All my attempts are based on thorough research on the internet, but maybe I missed something.

Is there an app to share data with an HTTP / HTTPS POST?

I'm trying to send an audio capture from my Android device to my website via the sharing menu.

Ideally, I would like to have an app that I can configure with a URL and that appears in the sharing menu. When I select the app's sharing icon, the data is sent to the preconfigured URL in a POST operation.

Note: My question is not how to code it, since I'm pretty sure I can. I ask if such an app already exists, because I just can not believe that someone has not written an app for it!

views – Strange AJAX HTTP error, 302 redirect errors after upgrade and migration

I have a Drupal 7 site (version 7.67) running on CloudWays, PHP 7.1, and MySQL 5.5.

I get the AJAX error "An AJAX HTTP error has occurred. HTTP result code: 302"
The debugging information is limited:

"Path: / admin / structure / views / some_view / preview / block / ajax"

This happens when editing any view (views 7.x-3.23) or when creating content with any autocomplete field.

Seems like it should be something simple that something has not been properly migrated and is not showing properly.

I have reviewed the server logs and the PHP logs and can not find anything that has anything to do with a redirect error other than the AJAX error.

Where do I look to fix this?

Thank you in advance.

haskell – Reads the HTTP header from the TCP socket

I'm building a web server in Haskell connected to TCP sockets over a network. To read the HTTP header of the client message, I use the following function:

import           Network.Socket          hiding ( recv )
import           Network.Socket.ByteString      ( recv )

import qualified Data.ByteString               as S
import           Data.ByteString.UTF8          as BSU ( fromString )

readHeader :: Socket -> IO S.ByteString
readHeader sock = go sock mempty
where
  go sock prevContent = do
    newContent <- recv sock maxNumberOfBytesToReceive
    let content = prevContent <> newContent
    -- Read the data from the socket unless it's empty which means
    -- that the client has closed its socket or we see an empty line
    -- which marks the end of the HTTP header
    if S.null newContent || emptyLine `S.isSuffixOf` content
      then return content
      else go sock content
  where
    -- Only read one byte at a time to avoid reading further than the
    -- empty line separating the HTTP header from the HTTP body
    maxNumberOfBytesToReceive = 1
    emptyLine                 = BSU.fromString "rnrn"

The function only reads one byte at a time, as I then want to read the rest of the client message from the socket. But I'm curious if the feature could be more efficient.

My first idea was to read more bytes (eg 1024) from the socket, to check if those bytes contained a blank line, to store that part (the HTTP header) in a ByteString and to put the bytes after the empty line back in to put the buffer of the socket. I'm not sure if it's possible or useful to put data back in the socket buffer.

I'm also interested in other code enhancements that come to your mind.

The whole project is here.

Start with stack ghci and then run main, Send him an HTTP request curl http://localhost:8080/

Command line – How to make an HTTP / HTTPS API call when an optical disk is inserted

I would like to start a particular command-line tool whenever an optical disc (eg CD, DVD or Blu-ray) is inserted. I am not interested in USB sticks or other storage media. I want to pass the mount path as an argument to the command-line tool.

Is there a system service that can do that? Ubuntu runs without a head.

Many thanks.

angle – Ionic 4 can not post http after build

Good boys,
I have an application in ionic 4 that sends http requests to an API. What happens when I start in the browser, everything works as expected, but when I create the message I receive on a real device (in this case, Android) Whenever I try to place an order, is:

{
Error: "The request encountered an error: no log:",
Status: -1
}

From what I've researched, the protocol changes on a real device.
Inquiries are made with "@ ionic-native / http / ngx".

Has anyone had this problem?

How can HTTP Parameter Pollution be exploited?

In HTTP Parameter Pollution I know theoretically how it works; You inject several HTTP lists with the same name to cause errors in the server, but I can not understand how to exploit this.

For example, if I send a request using this technique and know, for example, that the server is using the last occurrence of parameters, this technique may be useful because the server using the last occurrence does not care what other occurrences are correct? Or, if the server concatenates parameters with the same name, a server script will get a chained result.