GrrrDog/weird_proxies

# 奇怪的代理 这是一份关于各种反向代理行为及相关攻击的备忘录。 它是对各种反向代理、缓存代理、负载均衡器等进行分析的成果。 这篇文章 描述了该研究的目标以及如何使用这份备忘录。 已分析的内容： - [Nginx](Nginx.md) - [Apache](Apache.md) - [Haproxy/Nuster](Haproxy-and-Nuster.md) - [Varnish](Varnish.md) - [Traefik](Traefik.md) - [Envoy](Envoy.md) - [Caddy](Caddy.md) - [AWS](AWS.md) - [Cloudflare](Cloudflare.md) - [Stackpath](Stackpath.md) - [Fastly](Fastly.md) 附加内容： - [测试实验室](labs) 相关文章/白皮书/演讲： - [反向代理与不一致性](https://speakerdeck.com/greendog/reverse-proxies-and-inconsistency) - [奇怪的代理/2 以及一点魔法](https://speakerdeck.com/greendog/2-and-a-bit-of-magic) - [攻击 Web 应用中的次要上下文](https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/mobilepresent?slide=id.p) - [黑客攻击星巴克并访问近 1 亿条客户记录](https://samcurry.net/hacking-starbucks/) - [中间件，无处不在的中间件 - 以及大量需要修复的错误配置](https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/) - [ParseThru – 利用 Golang 中的 HTTP 参数走私](https://www.oxeye.io/blog/golang-parameter-smuggling-attack) - [HTTP.ninja](https://github.com/irsdl/httpninja) - [服务器技术 - 反向代理绕过](https://www.contextis.com/en/blog/server-technologies-reverse-proxy-bypass) - [破解镜头：瞄准 HTTP 隐藏的攻击面](https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface) - [滥用 HTTP 逐跳请求头](https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers) - [“真实”客户端 IP 的隐患](https://adam-p.ca/blog/2022/03/x-forwarded-for/) - [通过反向代理走私 HTTP 头](http://github.security.telekom.com/2020/05/smuggling-http-headers-through-reverse-proxies.html) - [异客之乡](https://speakerdeck.com/bo0om/at-home-among-strangers) - [h2c 走私：通过 HTTP/2 明文 (h2c) 进行请求走私](https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c) - [现实中的 H2C 走私](https://blog.assetnote.io/2021/03/18/h2c-smuggling/) - [一个从 Fastly 泄露未初始化内存的故事](https://medium.com/@emil.lerner/leaking-uninitialized-memory-from-fastly-83327bcbee1f) - [WebSocket API 怎么了？揭示 WebSocket API 中的漏洞](https://www.slideshare.net/0ang3el/whats-wrong-with-websocket-apis-unveiling-vulnerabilities-in-websocket-apis) - [HTTP Desync 攻击：请求走私的卷土重来](https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn) - [通过更高 HTTP 版本进行的 HTTP 请求走私](https://www.slideshare.net/neexemil/http-request-smuggling-via-higher-http-versions) - [HTTP/2：续集总是更糟](https://portswigger.net/research/http2) - [响应走私：利用 HTTP/1.1 连接](https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Martin%20Doyhenard%20-%20Response%20Smuggling-%20Pwning%20HTTP-1.1%20Connections.pdf) - [浏览器驱动的 Desync 攻击：HTTP 请求走私的新领域](https://portswigger.net/research/browser-powered-desync-attacks) - [通过响应队列中毒使 HTTP 头注入成为关键漏洞](https://portswigger.net/research/making-http-header-injection-critical-via-response-queue-poisoning) - [缓存投毒及其他卑劣手段](https://lab.wallarm.com/cache-poisoning-and-other-dirty-tricks-120468f1053f/) - [实用的 Web 缓存投毒](https://portswigger.net/research/practical-web-cache-poisoning) - [Web 缓存纠缠：投毒的新途径](https://i.blackhat.com/USA-20/Wednesday/us-20-Kettle-Web-Cache-Entanglement-Novel-Pathways-To-Poisoning-wp.pdf) - [HTTP 缓存测试](https://cache-tests.fyi/) - [CPDoS：缓存投毒拒绝服务](https://cpdos.org/) - [丢失的缓存键之谜](https://enumerated.wordpress.com/2020/08/05/the-case-of-the-missing-cache-keys/) - [利用 Web 缓存投毒实现负责任的拒绝服务](https://portswigger.net/research/responsible-denial-of-service-with-web-cache-poisoning) - [缓存投毒拒绝服务攻击技术](https://www.acunetix.com/blog/web-security-zone/cache-poisoning-dos-attack-techniques/) - [缓存键规范化导致的拒绝服务](https://iustin24.github.io/Cache-Key-Normalization-Denial-of-Service/) - [Web 缓存欺骗攻击](https://omergil.blogspot.com/2017/02/web-cache-deception-attack.html) - [被缓存与被迷惑：现实中的 Web 缓存欺骗](https://sajjadium.github.io/files/usenixsec2020wcd_paper.pdf) - [让我们在缓存中起舞 - 破坏 Microsoft IIS 上的哈希表！](https://blog.orange.tw/2022/08/lets-dance-in-the-cache-destabilizing-hash-table-on-microsoft-iis.html)

标签：Apache, AWS, Caddy, CDN, CISA项目, Cloudflare, DPI, Envoy, Fastly, Haproxy, HTTP参数走私, HTTP请求头, HTTP请求走私, MITRE ATT&CK, Nginx, Stackpath, Traefik, Varnish, Web安全, 中间件安全, 反向代理, 备忘录, 情报收集, 攻击面分析, 未授权访问, 架构配置, 漏洞研究, 缓存代理, 网络安全, 蓝队分析, 请求拦截, 负载均衡, 路径穿越, 逆向代理, 速查表, 防御加固, 隐私保护