performing-web-cache-poisoning-attack

# Performing Web Cache Poisoning Attack ## When to Use - During authorized penetration tests when the application uses CDN or reverse proxy caching (Cloudflare, Akamai, Varnish, Nginx) - When assessing web applications for cache-based vulnerabilities that could affect all users - For testing whether unkeyed HTTP headers are reflected in cached responses - When evaluating cache key behavior and cache deception vulnerabilities - During security assessments of applications with aggressive caching policies ## Prerequisites - **Authorization**: Written penetration testing agreement explicitly covering cache poisoning testing - **Burp Suite Professional**: With Param Miner extension for automated unkeyed header discovery - **curl**: For manual cache testing with precise header control - **Target knowledge**: Understanding of the caching layer (CDN provider, cache headers) - **Cache buster**: Unique query parameter to isolate test requests from other users - **Caution**: Cache poisoning affects all users; test with cache-busting parameters first > **Legal Notice:** This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws. ## Workflow ### Step 1: Identify the Caching Layer and Behavior Determine what caching infrastructure is in use and how the cache key is constructed. ```bash # Check cache-related response headers curl -s -I...