performing-web-cache-deception-attack

# Performing Web Cache Deception Attack ## When to Use - When testing applications behind CDNs or reverse proxies (Cloudflare, Akamai, Varnish, Nginx) - During assessment of authenticated page caching behavior - When evaluating path normalization differences between caching and origin layers - During bug bounty hunting on applications with aggressive caching policies - When testing for sensitive data exposure through cache layer misconfiguration ## Prerequisites - Understanding of HTTP caching mechanisms (Cache-Control, Vary, Age headers) - Knowledge of CDN path normalization and cache key construction - Burp Suite for intercepting and crafting requests - Two browser sessions (authenticated victim and unauthenticated attacker) - Understanding of URL path parsing differences across technologies - Familiarity with common CDN platforms (Cloudflare, Akamai, Fastly, AWS CloudFront) > **Legal Notice:** This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws. ## Workflow ### Step 1 — Identify Caching Layer and Behavior ```bash # Determine if a caching layer exists curl -I http://target.com/account/profile # Look for: X-Cache, CF-Cache-Status, Age, Via, X-Varnish headers # Check caching rules for static extensions curl -I "http://target.com/static/style.css" # Look for: X-Cache: HIT, CF-Cache-Status: HIT, Age: >0 # Identify whi...