http-request-smuggling
Smuggling detector
Detects HTTP Request Smuggling vulnerabilities in web applications
HTTP Request Smuggling Detection Tool
476 stars
8 watching
101 forks
Language: Python
last commit: about 1 year ago
Linked from 1 awesome list
blackhatchunked-encodingcontent-lengthdefcon27desync-attackhttp-request-smugglingportswiggerpython3smugglingtransfer-encoding
vavkamil/awesome-bugbounty-toolsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 nachiketrathod/http.request.smuggling.desync.attack | An attacker exploits HTTP request smuggling to manipulate the sequence of requests and deceive both front-end and back-end security controls. | 14 |
 portswigger/http-request-smuggler | An extension for Burp Suite to help identify and exploit HTTP Request Smuggling vulnerabilities. | 964 |
 defparam/smuggler | An HTTP Request Smuggling / Desync testing tool written in Python 3 | 1,840 |
 amirnsahmad/smuggler | A tool for testing HTTP request smuggling and desync issues in web servers. | 13 |
 bishopfox/h2csmuggler | Smuggling HTTP traffic past proxy rules to bypass access controls | 661 |
 detectify/varnish-h2-request-smuggling | A Docker-based test environment for simulating a Varnish HTTP/2 request smuggling vulnerability | 55 |
| defparam/tiscripts | Tools for generating custom request smuggling payloads to exploit vulnerabilities in web applications. | 218 |
 0ang3el/websocket-smuggle | A tool to expose security vulnerabilities in WebSocket reverse proxying allowing HTTP requests to be smuggled through | 341 |
| portswigger/json-decoder | A set of BurpSuite extensions for pentesting and testing | 10 |
 boy-hack/hack-requests | A lightweight Python HTTP library for analyzing and interacting with web servers | 466 |
 viralmaniar/murmurhash | Tools for detecting phishing websites by analyzing favicon hashes and searching on Shodan | 115 |
 trycatchhcf/packetwhisper | A tool for stealthy data transfer using DNS queries and text-based steganography to evade attribution and detection. | 624 |
| portswigger/httpoxy-scanner | Tools to help identify vulnerabilities in web applications using HTTPoxy scanning. | 90 |
 penumbra-x/rquest | An asynchronous HTTP client with TLS and fingerprint spoofing capabilities | 112 |
 ch3k1/squidmagic | Analyzes web-based network traffic to detect malicious command and control servers using Squid proxy server and Spamhaus | 78 |