CLZero is a strong program that helps security experts and penetration testers find and use attack vectors for HTTP/1.1 CL.0 Request Smuggling.

Request smuggling is a major security hole in web applications that can let hackers in and cause data to leak, among other bad things. CLZero was based on the tool Smuggler and uses attack gadgets that were modified from Smuggler’s work.

The defense community’s ability to work together is shown by this tool. Thanks to @albinowax, @defparam, and @d3d for their work on CLZero.

Request Smuggling vulnerabilities in web applications can be found and used more easily with CLZero. This makes it an important tool for security workers to have. It has many features, such as the ability to handle both single and multiple target URLs, load configuration files for custom payloads, and pick up where the last scan left off.

This piece will talk about how to use, install, and customize CLZero, which will help security researchers and testers improve the security of web applications.

A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors.

About

Thank you to @albinowax, @defparam and @d3d else this tool would not exist. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and link

For more info see: link

Usage

usage: clzero.py [-h] [-url URL] [-file FILE] [-index INDEX] [-verbose] [-no-color] [-resume] [-skipread] [-quiet] [-lb] [-config CONFIG] [-method METHOD]

CLZero by Moopinger

optional arguments:
  -h, --help      show this help message and exit
  -url URL        (-u), Single target URL.
  -file FILE      (-f), Files containing multiple targets.
  -index INDEX    (-i), Index start point when using a file list. Default is first line.
  -verbose        (-v), Enable verbose output.
  -no-color       Disable colors in HTTP Status
  -resume         Resume scan from last index place.
  -skipread       Skip the read response on smuggle requests, recommended. This will save a lot of time between requests. Ideal for targets with standard HTTP traffic.
  -quiet          (-q), Disable output. Only successful payloads will be written to ./payloads/
  -lb             Last byte sync method for least request latency. Due to the nature of the request, it cannot guarantee that the smuggle request will be processed first. Ideal for targets with a high
                  amount of traffic, and you do not mind sending multiple requests.
  -config CONFIG  (-c) Config file to load, see ./configs/ to create custom payloads
  -method METHOD  (-m) Method to use when sending the smuggle request. Default: POST

single target attack:

  • python3 clzero.py -u https://www.target.com/ -c configs/default.py -skipread
  • python3 clzero.py -u https://www.target.com/ -c configs/default.py -lb

Multi target attack:

  • python3 clzero.py -l urls.txt -c configs/default.py -skipread
  • python3 clzero.py -l urls.txt -c configs/default.py -lb

Install

git clone https://github.com/Moopinger/CLZero.git
cd CLZero
pip3 install -r requirements.txt