How to join the desync endgame
I had the awesome opportunity to head to DEFCON 33 this year with some help from PortSwigger! As a result of the trip, I also got the chance to absolutely nerd out about their latest research paper, "HTTP/1 must die: The desync endgame", on their blog. The post covers how to get stuck in with desync vulnerabilities as a pentester or a bug bounty hunter, and in particular how to adapt the HTTP Request Smuggler extension in order to find novel desync attacks.
This post is licensed under CC BY 4.0 by the author.