HACKING HTTP/2: h2c SMUGGLING

Hi! I'm a pentester and a bug bounty hunter who's learning every day and sharing useful resources as I move along. Subscribe to my channel because I'll be sharing my knowledge in new videos regularly.

TIME STAMPS:

00:00 Introduction
00:27 What is h2c?
00:43 What is the difference?
01:11 How can we upgrade to h2c?
01:39 Flow of upgrading to h2c
02:26 HTTP/2 RFC directives
02:50 The Bug
03:38 Summary

GITHUB REPOSITORY FOR THE CUSTOM CLIENT:

ORIGINAL RESEARCH:

ASSETNOTE'S BLOG:
COMMENTS:

3:07 I don't understand why the proxy stops monitoring the content. How does the h2c connection prevent the proxy from monitoring the connection??

NTonik

Beautifully explained, as well as a good concept...❤️🇮🇳

meljithpereira

I was trying to complete the new PortSwigger labs related to this topic and I found your video :D <3 Very insightful, and it helped me a lot!!

virenjoshi

Finally she remembered that she has a YouTube channel too 😀😀 😂

MokshitKalRa

Hey, I found the visual representation of the protocol switch very helpful (1:11 - 2:26). Throwing out an idea here, but I think you should do that when you're explaining H2C as a concept as well (I mean in the beginning, 0:27 - 1:11, where I see you speaking about it but there isn't a visual reference for me).

What I mean to say is, because of this video, I have a good understanding of the protocol switch to H2C but not of H2C in general.

This is just user-experience feedback, I guess, and I hope it helps your upcoming videos.

anirudhm.s.

All proxies and load balancers do not monitor or inspect layer 7 headers and their payload, and if you want that to be inspected one has to have a WAF (web application firewall) so that each HTTP transaction is inspected. It's not a load balancer's or proxy's job to inspect the path or its content.

gurpreetapej

Hey! Super clear explanation. Please do a practical video about dependency confusion.

dhivishvarshan

Well explained!! But we can't use Burp Suite to intercept their request, am I right???

manline_root

So you are saying that when an h2c connection is established, it's not checked by the proxy server and is forwarded to the server directly?

Aolpha

😍 Seeing you after a long time 😍 And show h2c attacks in your video 😍

mathusankar

You cannot bypass every access control of the application, just the ones that are in the proxy part of the application.

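The proxy behaviour these comments argue about can be shown concretely. The following is an added example in Python, not code from the video, its linked repository or the original research: it sketches the header handling a reverse proxy needs so that an HTTP/1.1 request carrying `Upgrade: h2c` cannot move the backend connection out from under the proxy's HTTP/1.1 rules, and a small check that flags such upgrade attempts in raw request heads. The hostname `example.test`, the sample requests and all function names are constructed for the demonstration.

```python
"""
Added example (not from the video or its comments): how a reverse proxy
should treat an HTTP/1.1 -> h2c upgrade request, and how to spot one.

The point the comments circle around: a proxy that forwards the client's
"Connection: Upgrade" / "Upgrade: h2c" headers to the backend lets the
backend switch that TCP connection to HTTP/2 cleartext (RFC 7540 section 3.2).
From then on the proxy only relays bytes, so path-based rules it enforces
on HTTP/1.1 requests no longer apply to the HTTP/2 frames inside.
"""
from typing import Dict, List, Tuple

Request = Tuple[str, Dict[str, str]]  # (request line, lower-cased headers)

# Hop-by-hop headers relevant here (RFC 7230 section 6.1): they describe the
# client<->proxy hop and must not be copied to the backend. HTTP2-Settings is
# the parameter that travels with the h2c upgrade offer.
HOP_BY_HOP = {"connection", "upgrade", "http2-settings",
              "keep-alive", "proxy-connection"}


def parse_head(raw: bytes) -> Request:
    """Parse a raw HTTP/1.1 request head (request line plus headers)."""
    lines = raw.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:          # empty line ends the head
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def is_h2c_upgrade(req: Request) -> bool:
    """True when the request asks the backend to switch to HTTP/2 cleartext."""
    _, h = req
    conn_tokens = {t.strip().lower() for t in h.get("connection", "").split(",")}
    return "upgrade" in conn_tokens and h.get("upgrade", "").lower() == "h2c"


def forward_naively(req: Request) -> Request:
    """Weak proxy: copies every client header to the backend unchanged,
    so the backend sees the upgrade offer and may accept it."""
    line, h = req
    return line, dict(h)


def forward_hardened(req: Request) -> Request:
    """Hardened proxy: strips hop-by-hop headers so the backend never sees
    the upgrade offer; the backend connection stays plain HTTP/1.1 and the
    proxy keeps inspecting every request. Answering 400 instead of
    forwarding at all is an equally valid policy for such requests."""
    line, h = req
    kept = {k: v for k, v in h.items() if k not in HOP_BY_HOP}
    kept["connection"] = "close"   # a fresh, non-upgrade Connection header
    return line, kept


def find_upgrade_attempts(raw_requests: List[bytes]) -> List[str]:
    """Detection: request lines of every h2c upgrade attempt in a batch."""
    return [parse_head(r)[0] for r in raw_requests if is_h2c_upgrade(parse_head(r))]


# Constructed sample traffic for the demonstration (not captured anywhere).
SAMPLES = [
    b"GET / HTTP/1.1\r\nHost: example.test\r\nConnection: keep-alive\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: example.test\r\n"
    b"Connection: Upgrade, HTTP2-Settings\r\nUpgrade: h2c\r\n"
    b"HTTP2-Settings: AAMAAABkAAQAAP__\r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        req = parse_head(raw)
        print(req[0], "| h2c upgrade offered:", is_h2c_upgrade(req))
        print("  naive proxy forwards   :", forward_naively(req)[1])
        print("  hardened proxy forwards:", forward_hardened(req)[1])
    print("flagged request lines:", find_upgrade_attempts(SAMPLES))
```

Running the block prints, for the second sample, that the naive proxy still hands `Upgrade: h2c` and `HTTP2-Settings` to the backend while the hardened one forwards only `Host` and a plain `Connection: close`; `find_upgrade_attempts` is the shape of check a WAF or log pipeline would apply to spot the upgrade offers the comments mention.
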
jellemulckhuijse

I am a 10th-class student, and I have already learned the OWASP Top 10 with the help of DVWA and Burp Suite, and learned the HTML, CSS and JavaScript languages, and solved PortSwigger labs, but I am not finding bugs. I am a Windows user.
I learned how to hack a Wi-Fi password and how to use multiple IP addresses, but I don't know how to use Linux tools. Can you suggest how to learn tools like assetfinder, dirsearch, etc.?

kabirsingh

Farah!! You should make tutorials; it will surely help you gain some serious subscribers... 👍👍

haritupadhyay.

Farah, please tell me whether a programming language is essential or not for bug bounties.
Please. 🤗

shivamchaudhary

Please make a video on how to bypass the ModSecurity firewall.

HackerSumitJi

Hi, I have one question for you: can you tell me, if we choose the infosec field, then what about packages (salary)? Right now I am in the 2nd year of B.Tech and I have an interest in the infosec field, but when I think about packages, is it good or not compared to web development? Please answer my question or create a video on job opportunities and salary in the infosec field.

rajjadhav

Can you please tell us:
Can someone learn cyber security on their own,
without any college?
And if so,
are those students able to get high-package jobs,
as it is, without a college degree???

VJ-qrpe

Long time no see, hope you've been doing well 😁!!

arinagrawal

Farah, how are you...? After a long time.
Hope that you are 🤗

senvishal