Kali
Http2Smugl tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. The scheme is as follows: An attacker sends a crafted HTTP/2 request to the target server, which we call frontend. The request is (presumably) converted to HTTP/1.1 and transmitted to another, backend server. …
Continue reading “Http2Smugl : Tool to detect and exploit HTTP request smuggling”
Smuggler is an HTTP Request Smuggling / Desync testing tool written in Python 3 Installation git clone https://github.com/defparam/smuggler.git cd smuggler python3 smuggler.py -h Example Usage Single Host: python3 smuggler.py -u List of hosts: cat list_of_hosts.txt | python3 smuggler.py Options usage: smuggler.py [-h] [-u URL] [-v VHOST] [-x] [-m METHOD] [-l LOG] [-q][-t TIMEOUT] [–no-color] [-c CONFIGFILE]optional …
Continue reading “Smuggler : An HTTP Request Smuggling / Desync Testing Tool”
