AppSec Europe 2018 has ended
                                                                                    ***Content is subject to change.***
Back To Schedule
Thursday, July 5 • 11:00am - 11:45am
Passive Fingerprinting of HTTP/2 Clients LIMITED

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity seats available

HTTP/2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred “on the wire” by introducing a full binary protocol that is made up of TCP connections, streams, and frames, rather than a plain-text protocol. Such a fundamental change from HTTP/1.x to HTTP/2, means that client-side and server-side implementations have to incorporate completely new code in order to support new HTTP/2 features. This introduces nuances in protocol implementations, which, in return, might be used to passively fingerprint web clients.

Our research is based on more than 10 million HTTP/2 connections from which we extracted fingerprints for over 40,000 unique user agents across hundreds of implementations.

In the presentation, I intend to provide the following:

•HTTP/2 Overview
- Introduction into the basic elements of the protocol
- a review the different components chosen for the fingerprint format (alongside a discussion on those left out)
- Potential use cases of the proposed fingerprint
- Usage Statistics - prevalence of HTTP/2 usage on Akamai’s platform

•Examples of common HTTP/2 Implementations & Client fingerprints collected during the research

•HTTP/2 support (or the lack of) among common web security tools (Burp suite, sqlmap, etc.)

•Review of attacks over HTTP/2 observed on Akamai’s platform

ttp://akamai.me/2qWIqON - whitepaper published by Akamai’s Threat-Research Team. 

avatar for Elad Shuster

Elad Shuster

PM, PaloAltoNetworks
Leading a team or security researchers, at Akamai's Threat Research group.With over 10 years of data analysis experience across different industries, I am currently exploring new trends in the web security and bot detection, while helping maintain the defensive protections of Akamai's... Read More →

Thursday July 5, 2018 11:00am - 11:45am BST
Fleming - 3rd Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE