Passive Fingerprinting of HTTP/2 Clients - Elad Shuster - AppSecUSA 2017 скачать в хорошем качестве

Passive Fingerprinting of HTTP/2 Clients - Elad Shuster - AppSecUSA 2017

Passive Fingerprinting of HTTP/2 Clients HTTP/2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred “on the wire” by introducing a full binary protocol that is made up of TCP connections, streams, and frames, rather than a plain-text protocol. Such a fundamental change from HTTP/1.x to HTTP/2, means that client-side and server-side implementations have to incorporate completely new code in order to support new HTTP/2 features. This introduces nuances in protocol implementations, which, in return, might be used to passively fingerprint web clients. Our research is based on more than 10 million HTTP/2 connections from which we extracted fingerprints for over 40,000 unique user agents across hundreds of implementations. In the presentation, I intend provide the following: • HTTP/2 Overview Introduction into the basic elements of the protocol a review the different components chosen for the fingerprint format (alongside a discussion on those left out) Potential use cases of the proposed fingerprint Usage Statistics - prevalence of HTTP/2 usage on Akamai’s platform • Examples of common HTTP/2 Implementations & Client fingerprints collected during the research • HTTP/2 support (or the lack of) among common web security tools (Burp suite, sqlmap, etc.) • Review of attacks over HTTP/2 observed on Akamai’s platform References: http://akamai.me/2qWIqON - whitepaper published by Akamai’s Threat-Research Team. Elad Shuster Security Data Analyst, Akamai CPA(il), MBA, Security Data Analyst at Akamai, with over 10 years of experience in data analysis across different industries. - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...