Headers are a critical part of HTTP, and it has been shown that they are increasingly subject to middlebox manipulation. Although this is well known, little is understood about the general regional and network trends that underpin these manipulations. In this paper, we collect data on thousands of networks to understand how they intercept HTTP headers in-the-wild. Our analysis reveals that 25% ...

Network traces are a useful tool in understanding how users navigate the web. Knowing the sequence of pages that led a user to arrive at a malicious website can help researchers develop techniques to prevent users from reaching such sites. Nevertheless, inferring sound causation between HTTP requests is a challenging task. Previous work often inferred these relationships without proper calibrat...

When an adaptive media streaming system has to switch from one representation of the content to another, the switch causes viewer distraction. We introduce the concept of representation switch smoothing for alleviating the distraction and improving the overall quality of experience. As adaptive HTTP streaming systems typically deploy video buffers on the client side, the adaptation decision is ...

This paper presents Mahimahi, a framework to record traffic from HTTP-based applications, and later replay it under emulated network conditions. Mahimahi improves upon prior record-and-replay frameworks in three ways. First, it is more accurate because it carefully emulates the multi-server nature of Web applications, present in 98% of the Alexa US Top 500 Web pages. Second, it isolates its own...

Among the diverse forms of malware, Botnet is the most widespread and serious threat which occurs commonly in today's cyberattacks. A botnet is a group of compromised computers which are remotely controlled by hackers to launch various network attacks, such as DDoS attack, spam, click fraud, identity theft and information phishing. The defining characteristic of botnets is the use of command an...

A webpage with 376 objects of size 1 KB each. A webpage with 10 objects of size 435 KB each. A webpage with 136 objects of size 1 KB to 620 KB each. ● Page load times (PLTs) over h2 are lower than PLTs over h1, because in the case of h1 with 6 TCP connections the server can send at most 6 objects in parallel. ● Whereas in the case of h2 with many streams multiplexed onto single connection, the ...

HTTP Digest is known to be vulnerable to man-in-the-middle attacks, even when run inside TLS, if the same passwords are used for authentication in some other context without TLS. This is a general problem that affects not just HTTP digest but also other IETF protocols. However, for a class of strong algorithms the attack is avoidable. This document defines version 2 of the HTTP Digest AKA algor...

This paper provides a logical analysis of the avoidance of wishful thinking based on conflict resolutions between informational and motivational attitudes such as beliefs and desires. Several desiderata for conflict resolutions are introduced, discussed and tested in a rule-based logic. The results suggest that Reiter’s default logic is too strong, in the sense that a weaker notion of maximalit...

This memo applies the Upgrade mechanism in HTTP/1.1 to employ Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured traffic to share the same well known port (in this case, http: at 80 rather than https: at 443). This also enables "virtual hosting," by allowing a single HTTP + TLS server to disambiguate traffic intended for several hostnames at a sing...

Persistent connections address ine ciencies associated with multiple concurrent connections. They can improve response time when successfully used with pipelining to retrieve a set of objects from a Web server. In practice, however, there is inconsistent support for persistent connections, particularly with pipelining, from Web servers, user agents, and intermediaries. Web browsers continue to ...