Lab: Web cache poisoning via HTTP/2 request tunnelling

In-depth solution to PortSwigger's "Web cache poisoning via HTTP/2 request tunnelling" lab. 👀 Check out playlist https://www.youtube.com/playlist?list=PLGb2cDlBWRUX1_7RAIjRkZDYgAB3VbUSw for all my solutions to the HTTP Request Smuggling labs from PortSwigger. Try it yourself: https://portswigger.net/web-security/request-smuggling/advanced/request-tunnelling/lab-request-smuggling-h2-web-cache-poisoning-via-request-tunnelling Timestamps: 00:00 - Intro 00:27 - Detect the CRLF vulnerability 02:19 - Smuggle our first request 03:35 - Turn blind into non-blind using HEAD 04:16 - Find a resource larger than the frontpage 05:54 - Find a sink for a reflection attack 08:05 - Add padding to our sink to solve the lab