FRAMESHIFTER: Security Implications of HTTP/2-to-HTTP/1 Conversion Anomalies presented at USENIX Security 2022

by Bahruz Jabiyev, Steven Sprecher, Anthony Innocenti,

Tags: Fuzzing I: Networks

URL: https://www.usenix.org/system/files/sec22-jabiyev.pdf

Summary: HTTP/2 adoption is rapidly climbing. However, in practice, Internet communications still rarely happen over end-to-end HTTP/2 channels. This is due to Content Delivery Networks and other reverse proxies, ubiquitous and necessary components of the Internet ecosystem, which only support HTTP/2 on the client's end, but not the forward connection to the origin server. Instead, proxy technologies predominantly rely on HTTP/2-to-HTTP/1 protocol conversion between the two legs of the connection.