9th International Conference on ICT for Sustainable Development

Authors - B. Shebu, Chungath Srinivasan, Amritha P.P.
Abstract - This paper investigates security vulnerabilities in the HTTP/3 protocol, particularly focusing on client-side request forgery attacks. We analyze different attack vectors, including server initial request forgery and connection migration request forgery, to comprehensively assess the associated risks. Our research employs simulations involving a vulnerable HTTP/3 website to expose potential weaknesses in both the protocol design and its implementation. These findings highlight the critical need for robust security measures to mitigate the threat of request forgery in modern web communication protocols. Notably, this work explores an alternative approach to traditional DNS-based request forgery by manipulating data directly within HTTP/3 packets.