AI Summary: Weird Proxies is a comprehensive cheat sheet designed to document the behaviors and vulnerabilities of various reverse proxies, cache proxies, and load balancers. The tool serves as a resource for security professionals analyzing potential security threats and related attack vectors associated with commonly used proxy technologies like Nginx, Apache, and AWS. Notable features include detailed analyses and links to additional research articles, offering practical insights for understanding weaknesses in proxy configurations.

README

Weird Proxies

It’s a cheat sheet about behaviour of various reverse proxies and related attacks.

It is a result of analysis of various reverse proxies, cache proxies, load balancers, etc. The article (https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/) describes the goals of the research and how you can use the cheat sheet.

Analyzed stuff:

• Nginx
• Apache
• Haproxy/Nuster
• Varnish
• Traefik
• Envoy
• Caddy
• AWS
• Cloudflare
• Stackpath
• Fastly

Additional:

• Test Labs

Related articles/white papers/presentations:

• Reverse proxies & Inconsistency
• Weird proxies/2 and a bit of magic
• Attacking Secondary Contexts in Web Applications
• Hacking Starbucks and Accessing Nearly 100 Million Customer Records
• Middleware, middleware everywhere - and lots of misconfigurations to fix
• ParseThru – Exploiting HTTP Parameter Smuggling in Golang
• HTTP.ninja
• Server Technologies - Reverse Proxy Bypass
• Cracking the lens: targeting HTTP’s hidden attack-surface
• Abusing HTTP hop-by-hop request headers
• The perils of the “real” client IP
• Smuggling HTTP headers through reverse proxies
• At Home Among Strangers
• h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
• H2C Smuggling in the Wild
• A story of leaking uninitialized memory from Fastly
• What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs
• HTTP Desync Attacks: Request Smuggling Reborn
• HTTP Request Smuggling via higher HTTP versions
• HTTP/2: The Sequel is Always Worse
• Response Smuggling:Exploiting HTTP/1.1 Connections
• Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
• Making HTTP header injection critical via response queue poisoning
• Cache poisoning and other dirty tricks
• Practical Web Cache Poisoning
• Web Cache Entanglement: Novel Pathways to Poisoning
• HTTP Caching Tests
• CPDoS: Cache Poisoned Denial of Service
• The Case of the Missing Cache Keys
• Responsible denial of service with web cache poisoning
• Cache Poisoning Denial-of-Service Attack Techniques
• Cache-Key Normalization DoS
• Web Cache Deception Attack
• Cached and Confused: Web Cache Deception in the Wild
• Let’s Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!