HTTP Request Smuggling Detection Tool
-
Updated
Dec 21, 2023 - Python
HTTP Request Smuggling Detection Tool
CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability.
Analyze HTTP requests to minimize risks of HTTP Desync attacks (precursor for HTTP request smuggling/splitting).
Rust-powered HTTP Request Smuggling Scanner.
HTTP request smuggling attack helper/CLI tools to manipulate HTTP packets
HTTP3ONSTEROIDS - A research on CVE-2023-25950 where HAProxy's HTTP/3 implementation fails to block a malformed HTTP header field name.
HTTP request smuggling examples
Golang HTTP echo server (real raw request echoed)
HTTP Request Smuggling Payload List
Web reconnaissance & cache-deception attack-chain tooling for authorized CTF / lab testing
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
CLTEcho is an advanced HTTP Request Smuggling detection suite featuring AI-powered analysis, concurrent scanning, and comprehensive reporting. With 6 threat detection types, ML-based anomaly detection, HTTP/2 support, and WAF bypass techniques, it delivers enterprise-grade security testing with professional HTML/JSON reports for security researcher
Notes from TryHackMe's Web Application Pentesting path. Goes beyond OWASP Top 10 basics into JWT and OAuth attacks, NoSQL/XXE/SSTI/LDAP injection, SSRF, insecure deserialization, and HTTP request smuggling across HTTP/1.1, HTTP/2, and WebSockets, with full kill chain writeups for each module's challenge room.
Personal TryHackMe write-ups, notes and methodologies covering web application penetration testing, vulnerability discovery, exploitation and remediation.
Add a description, image, and links to the http-request-smuggling topic page so that developers can more easily learn about it.
To associate your repository with the http-request-smuggling topic, visit your repo's landing page and select "manage topics."