Exploiting Hop-by-Hop Headers
What are Hop-by-Hop Headers?
Hop-by-Hop headers are HTTP headers that apply only to a single transport-level connection and are not meant to be forwarded by proxies or gateways. They include headers like 'Connection', 'Keep-Alive', 'Proxy-Authenticate', and 'TE'. If they are not handled properly, these headers can be exploited to manipulate the behavior of proxies and gateways, leading to potential security vulnerabilities.
Exploiting Hop-by-Hop Headers Example
Here is a simple example of exploiting Hop-by-Hop headers:
// HTTP request
GET / HTTP/1.1
Host: www.example.com
Connection: keep-alive, upgrade
Upgrade: h2c
In this example, the 'Connection' header lists 'upgrade' and the 'Upgrade: h2c' header asks to switch the connection to cleartext HTTP/2, potentially bypassing security controls that only apply to HTTP/1.1.
Prevention
Preventing exploitation of Hop-by-Hop headers involves proper handling of these headers by proxies and gateways, and secure application design. This includes:
- Proper header handling: Proxies and gateways should process Hop-by-Hop headers on the connection they arrive on and remove them before forwarding the message.
- Secure application design: Applications should be designed not to rely on Hop-by-Hop headers for security controls.
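The header handling described above can be sketched as follows. This is an added example, not code from any particular proxy: it removes the commonly listed hop-by-hop headers plus any header named in 'Connection', and reports a requested upgrade so it is not passed upstream. The function names and the extra 'Accept' header in the sample are assumptions made for illustration.

```python
# Added example: strip hop-by-hop headers before a proxy forwards a request.
# Commonly listed hop-by-hop header names (lower-cased for comparison).
HOP_BY_HOP = frozenset({
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade", "proxy-connection",
})

def parse_headers(raw):
    """Split a raw HTTP/1.1 request head into (request_line, [(name, value)])."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers

def tokens(value):
    """Lower-cased, comma-separated tokens of a header value."""
    return [t.strip().lower() for t in value.split(",") if t.strip()]

def strip_hop_by_hop(headers):
    """Return (forwarded, dropped_names, upgrade_tokens) for one request."""
    nominated, upgrades = set(), []
    for name, value in headers:
        if name.lower() == "connection":
            nominated.update(tokens(value))  # names the sender marks as per-hop
        elif name.lower() == "upgrade":
            upgrades.extend(tokens(value))
    drop = HOP_BY_HOP | nominated
    forwarded = [(n, v) for n, v in headers if n.lower() not in drop]
    dropped = [n for n, _ in headers if n.lower() in drop]
    return forwarded, dropped, upgrades

# Constructed sample: the request shown above plus one end-to-end header.
SAMPLE = """GET / HTTP/1.1
Host: www.example.com
Connection: keep-alive, upgrade
Upgrade: h2c
Accept: */*
"""

def demo():
    _, headers = parse_headers(SAMPLE)
    return strip_hop_by_hop(headers)

if __name__ == "__main__":
    forwarded, dropped, upgrades = demo()
    print("forward upstream:", forwarded)
    print("dropped at this hop:", dropped)
    print("upgrade requested, not passed upstream:", upgrades)
```

Body framing (for example re-encoding a chunked body after 'Transfer-Encoding' is removed) is outside what this sketch covers.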