Proxy / Infrastructure

Multi-hop and edge attacks — Traefik host-header routing, request-parsing desync, and topology enumeration through docs, headers, and operational endpoints.

0 categories 3 notes

Notes

3 total

Enumeration through Docs, Headers, and Exposed Operational Endpoints

Map topology from accidentally exposed headers and operational APIs before mutating payloads.

web proxy enumeration information-disclosure recon headers

Header and Transfer-Parsing Desync as an Infrastructure Attack Surface

Treat mismatched hop-by-hop parsing across a multi-hop HTTP/1.1 chain as the bug itself, surfacing internal routes or split requests.

web proxy request-smuggling http-desync transfer-encoding infrastructure

Traefik Dashboard / API Exposure → Routing via the Host Header

Read Traefik router rules to learn internal vhost names, then route your request by sending the expected Host header.

web proxy traefik host-header routing information-disclosure