ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing
Linkai Zheng
Network and Distributed System Security (NDSS) Symposium 2024 · Day 1 · Fuzzing
Content Delivery Networks (CDNs) are fundamental components of modern internet infrastructure, crucial for accelerating content delivery and providing robust security against various online threats. However, their role as man-in-the-middle proxies often leads to unintended modifications of client requests as they are forwarded to origin servers. These alterations, while sometimes aimed at performance optimization or security, can introduce subtle yet critical operational inconsistencies that can be exploited for severe security vulnerabilities, including HTTP Request Smuggling, Cache Poisoned Denial of Service (CPDoS), and various forms of Denial of Service (DoS) attacks. Prior research has identified several such issues, but a systematic, automated approach to uncover these inconsistencies broadly has been lacking.