Loading…
AppSec Europe 2018 has ended
                                                                                    ***Content is subject to change.***
View analytic
Thursday, July 5 • 11:00am - 11:45am
Passive Fingerprinting of HTTP/2 Clients LIMITED

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Limited Capacity seats available

HTTP/2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred “on the wire” by introducing a full binary protocol that is made up of TCP connections, streams, and frames, rather than a plain-text protocol. Such a fundamental change from HTTP/1.x to HTTP/2, means that client-side and server-side implementations have to incorporate completely new code in order to support new HTTP/2 features. This introduces nuances in protocol implementations, which, in return, might be used to passively fingerprint web clients.

Our research is based on more than 10 million HTTP/2 connections from which we extracted fingerprints for over 40,000 unique user agents across hundreds of implementations.

In the presentation, I intend to provide the following:

•HTTP/2 Overview
- Introduction into the basic elements of the protocol
- a review the different components chosen for the fingerprint format (alongside a discussion on those left out)
- Potential use cases of the proposed fingerprint
- Usage Statistics - prevalence of HTTP/2 usage on Akamai’s platform

•Examples of common HTTP/2 Implementations & Client fingerprints collected during the research

•HTTP/2 support (or the lack of) among common web security tools (Burp suite, sqlmap, etc.)

•Review of attacks over HTTP/2 observed on Akamai’s platform

References
ttp://akamai.me/2qWIqON - whitepaper published by Akamai’s Threat-Research Team. 

Speakers
avatar for Elad Shuster

Elad Shuster

Security Data Analyst, Akamai
Leading a team or security researchers, at Akamai's Threat Research group. | With over 10 years of data analysis experience across different industries, I am currently exploring new trends in the web security and bot detection, while helping maintain the defensive protections of Akamai's... Read More →


Thursday July 5, 2018 11:00am - 11:45am
Fleming - 3rd Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE

Attendees (45)