Http2Smugl tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion by the frontend server. The scheme is as follows: An attacker sends a crafted HTTP/2 request to the target server, which we call frontend. The request is (presumably) converted to HTTP/1.1 and transmitted to another, backend server. …
Continue reading “Http2Smugl : Tool to detect and exploit HTTP request smuggling”