Presented at
AppSec USA 2017,
Sept. 22, 2017, 9 a.m.
(45 minutes).
HTTP/2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred "on the wire" by introducing a full binary protocol that is made up of TCP connections, streams, and frames, rather than a plain-text protocol. Such a fundamental change from HTTP/1.x to HTTP/2, means that client-side and server-side implementations have to incorporate completely new code in order to support new HTTP/2 features. This introduces nuances in protocol implementations, which, in return, might be used to passively fingerprint web clients.
Our research is based on more than 10 million HTTP/2 connections from which we extracted fingerprints for over 40,000 unique user agents across hundreds of implementations.
In the presentation, I intend provide the following:
• HTTP/2 Overview
- Introduction into the basic elements of the protocol
- a review the different components chosen for the fingerprint format (alongside a discussion on those left out)
- Potential use cases of the proposed fingerprint
- Usage Statistics - prevalence of HTTP/2 usage on Akamai's platform
• Examples of common HTTP/2 Implementations & Client fingerprints collected during the research
• HTTP/2 support (or the lack of) among common web security tools (Burp suite, sqlmap, etc.)
• Review of attacks over HTTP/2 observed on Akamai's platform
References:
http://akamai.me/2qWIqON - whitepaper published by Akamai's Threat-Research Team.
Presenters:
-
Elad Shuster
- Security Data Analyst - Akamai
CPA(il), MBA, Security Data Analyst at Akamai, with over 10 years of experience in data analysis across different industries.
At Akamai I'm part of the Threat Operations team, exploring new trends in the web security and responsible for maintaining the defensive protections of the Kona security product suite, based on Akamai's big data platform.
Links:
Similar Presentations: