HTTP Request Smuggling Detection Tool
-
Updated
Dec 21, 2023 - Python
HTTP Request Smuggling Detection Tool
CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability.
Analyze HTTP requests to minimize risks of HTTP Desync attacks (precursor for HTTP request smuggling/splitting).
Rust-powered HTTP Request Smuggling Scanner.
HTTP request smuggling attack helper/CLI tools to manipulate HTTP packets
HTTP3ONSTEROIDS - A research on CVE-2023-25950 where HAProxy's HTTP/3 implementation fails to block a malformed HTTP header field name.
HTTP request smuggling examples
HTTP Request Smuggling Payload List
Golang HTTP echo server (real raw request echoed)
Personal TryHackMe write-ups, notes and methodologies covering web application penetration testing, vulnerability discovery, exploitation and remediation.
Notes from TryHackMe's Web Application Pentesting path. Goes beyond OWASP Top 10 basics into JWT and OAuth attacks, NoSQL/XXE/SSTI/LDAP injection, SSRF, insecure deserialization, and HTTP request smuggling across HTTP/1.1, HTTP/2, and WebSockets, with full kill chain writeups for each module's challenge room.
Web reconnaissance & cache-deception attack-chain tooling for authorized CTF / lab testing
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
Add a description, image, and links to the http-request-smuggling topic page so that developers can more easily learn about it.
To associate your repository with the http-request-smuggling topic, visit your repo's landing page and select "manage topics."