Analyzing SPDY: Getting to know the new web protocol

Presented at Black Hat USA 2011, Aug. 3, 2011, 10 a.m. (60 minutes).

SPDY is Googles approach to a new standard-protocol for the web. As a replacement for HTTP it offers features like multiplexing multiple requests over a single TCP connection, header compression, flow-control (including prioritizing requests) and server-side push functionality. Because of the complexity that comes with such features, SPDY can also be attractive for attackers: For instance, hijacking server-side push functionality can lead to a whole new generation of XSS attacks.

This presentation is about an in-depth explanation of the upcoming standard and about the lessons learned during the implementation and testing of it.

The second half of the talk is about tools and methods for analyzing and intercepting SPDY traffic, like using a libspdy-based fork of mitmproxy for hijacking a SPDY session on the fly and pushing arbitary content to the client.


Presenters:

Links:

Similar Presentations: