Summary
This is a comprehensive playbook for exploiting cache layer vulnerabilities, split into two attack classes: cache deception (tricking a CDN into caching authenticated user data so attackers can retrieve it) and cache poisoning (injecting malicious content via unkeyed headers like X-Forwarded-Host). The methodology is thorough, covering path confusion tricks, CDN-specific behaviors across Cloudflare and Akamai, and normalization mismatches between proxies and applications. Use this when testing applications behind CDNs or reverse proxies where routing logic might treat /account/profile and /account/profile/x.css differently. The testing checklist and real-world patterns (especially the semicolon path separator tricks) make this immediately actionable for security assessments.
Install to Claude Code
npx -y skills add yaklang/hack-skills --skill web-cache-deception --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →First SeenMay 16, 2026
