Threat Type: Attack

Reference ID: WASC-24

 

HTTP Request Splitting

HTTP Request Splitting is an attack that makes it possible to force the browser to send arbitrary HTTP requests, resulting in XSS and poisoning of the browser’s cache. The essence of the attack is that, once the victim (browser) has been forced to load the attacker’s malicious HTML page, the attacker can manipulate one of the browser’s functions into sending two HTTP requests instead of one. Two such mechanisms have been exploited to date: the XmlHttpRequest object (XHR for short) and the HTTP digest authentication mechanism. For this attack to work, the browser must use a forward HTTP proxy (not all of them “support” this attack), or the attack must be carried out against a host located on the same IP address (from the browser’s perspective) as the attacker’s machine.
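
A pre-send check covering both mechanisms named above, as an added example that is not part of the original WASC text or any browser's source. It assumes that a split depends on CR, LF or other control characters reaching the wire inside a field that page script controls; the function name `findSplittingRisks` and its field names are hypothetical.

```javascript
// Added example: hypothetical pre-send check for an HTTP client or proxy shim.
// Assumption: one logical request can only become two on the wire if a
// script-controlled field carries CR/LF (or another control character).
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 7230 "token"
const CTL = /[\u0000-\u001f\u007f]/;             // control characters, incl. CR and LF
const CTL_OR_SPACE = /[\u0000-\u0020\u007f]/;    // the above plus SP

// Returns a list of findings. An empty list means the parts can be
// serialized as exactly one HTTP request.
function findSplittingRisks({ method, url, headers = {}, username = "" }) {
  const findings = [];
  // The method and URL form the request line, so neither may contain
  // whitespace or line breaks.
  if (!TOKEN.test(String(method))) findings.push("method is not a single token");
  if (CTL_OR_SPACE.test(String(url))) {
    findings.push("url contains whitespace or control characters");
  }
  for (const [name, value] of Object.entries(headers)) {
    if (!TOKEN.test(name)) {
      findings.push(`header name ${JSON.stringify(name)} is not a token`);
    }
    // HTAB is legal inside a field value; CR, LF, NUL and other controls are not.
    if (CTL.test(String(value).replace(/\t/g, ""))) {
      findings.push(`header ${JSON.stringify(name)} value contains control characters`);
    }
  }
  // Digest authentication copies the user name into the Authorization header.
  if (CTL.test(String(username))) {
    findings.push("username contains control characters");
  }
  return findings;
}

// Constructed sample inputs (not captured traffic).
const clean = { method: "GET", url: "/index.html", headers: { Accept: "text/html" } };
const suspicious = {
  method: "GET",
  url: "/index.html",
  headers: { "X-Note": "a\r\nb" },
  username: "user\r\nname",
};

console.log(findSplittingRisks(clean));      // no findings
console.log(findSplittingRisks(suspicious)); // one finding per tainted field
```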