w0rker
w0rker.bsky.social
small hacker guy
Reposted by w0rker
We've just published a novel technique to bypass the __Host and __Secure cookie flags, to achieve maximum impact for your cookie injection findings: portswigger.net/research/coo...
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and serve
portswigger.net
September 3, 2025 at 2:54 PM
Reposted by w0rker
The possibilities for Bambdas will be endless. To name a few: hooking into the network stack, creating custom table columns, doing ninja searches, rolling your own automation.
October 18, 2023 at 1:37 PM
Reposted by w0rker
There's still a load of potential for further research and discoveries in HTTP request smuggling. This massive-impact finding exploiting Akamai/F5 is a great example:
blog.malicious.group/from-akamai-...
November 9, 2023 at 4:29 PM