coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #331 from m10x/patch-1

Browse Source 
Update cache-deception.md
This commit is contained in:
Carlos Polop 2022-05-07 11:36:38 +01:00 committed by GitHub
commit e552d8ebfe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pentesting-web/cache-deception.md
View File

@ -106,6 +106,11 @@ X-Host: attacker.com
Learn here about how to perform [Cache Poisoning attacks abusing HTTP Request Smuggling](http-request-smuggling/#using-http-request-smuggling-to-perform-web-cache-poisoning). Learn here about how to perform [Cache Poisoning attacks abusing HTTP Request Smuggling](http-request-smuggling/#using-http-request-smuggling-to-perform-web-cache-poisoning).
## Automated testing for Web Cache Poisoning
The [Web Cache Vulnerability Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner) can be used to test automated for web cache poisoning. It supports many different techniques and is highly customizable.
Example usage: `wcvs -u example.com`
# Cache Deception # Cache Deception
The goal of Cache Deception is to make clients **load resources that are going to be saved by the cache with their sensitive information**. The goal of Cache Deception is to make clients **load resources that are going to be saved by the cache with their sensitive information**.