HTTP Desync Attack
An HTTP Desync Attack is a type of security vulnerability that harms web servers and clients. To carry out an HTTP Desync Attack, the attacker has to issue an improper request. This improper request confuses the web server, and because of that confusion the server ends up giving the attacker permission. This gives the attacker a doorway for carrying out other attacks.
To use an HTTP Desync Attack, the attacker sends a crafted HTTP request that mixes in spaces, tabs, newlines, and some other special characters. These characters confuse the web server, which comes to believe that the request is complete.
Once the web server believes the request is complete, it starts processing just that small part. However, the attacker's next request is also sent on the same connection, and the server becomes confused about whether this is the latest request or part of an earlier one. Once this confusion exists, it gives the attacker the ability to steer the web server's behaviour.
This manipulation looks simple, but it is still a serious problem tied to the HTTP protocol, so it is important for the web server or client to get rid of this problem.
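One way a server or proxy can refuse requests whose boundaries are ambiguous, shown as an added example that is not part of the original page. The function name `framing_problems` and the sample requests are assumptions made for illustration. The check goes beyond the whitespace and newline cases described above and also covers conflicting Content-Length and Transfer-Encoding headers, another common source of boundary disagreement.

```python
import re

# Characters allowed in a header field name (the HTTP "token" rule).
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def framing_problems(raw: bytes) -> list[str]:
    """Return reasons a raw request head has ambiguous framing ([] = clean)."""
    problems = []
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["header block is not terminated by CRLF CRLF"]
    # A bare CR or LF lets two parsers split lines at different places.
    if re.search(rb"(?<!\r)\n|\r(?!\n)", head):
        problems.append("bare CR or LF inside the header block")
    lengths, has_te = [], False
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        if line[:1] in (b" ", b"\t"):
            problems.append("obsolete line folding (line starts with space/tab)")
            continue
        name, colon, value = line.partition(b":")
        # Whitespace or control characters in the name fail the token rule.
        if not colon or not TOKEN.match(name):
            problems.append(f"invalid header name {name!r}")
            continue
        lname, value = name.lower(), value.strip(b" \t")
        if lname == b"content-length":
            if not value.isdigit():
                problems.append(f"non-numeric Content-Length {value!r}")
            lengths.append(value)
        elif lname == b"transfer-encoding":
            has_te = True
            if value.lower() != b"chunked":
                problems.append(f"unexpected Transfer-Encoding {value!r}")
    if len(set(lengths)) > 1:
        problems.append("conflicting Content-Length values")
    if has_te and lengths:
        problems.append("both Content-Length and Transfer-Encoding present")
    return problems

# Constructed sample requests (not taken from real traffic).
CLEAN = b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nabc"
SPACED = b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length : 3\r\n\r\nabc"

if __name__ == "__main__":
    for sample in (CLEAN, SPACED):
        print(framing_problems(sample) or "clean")
```

A front end that rejects any request for which this returns a non-empty list, and closes the connection instead of forwarding it, never passes an ambiguous boundary on to the server behind it.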