h2csmuggler
Proxy smuggler
Smuggling HTTP traffic past proxy rules to bypass access controls
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
661 stars
17 watching
100 forks
Language: Python
last commit: almost 3 years ago
Linked from 2 awesome lists
bugbountyinfosecsecurity-researchsecurity-tools
vavkamil/awesome-bugbounty-tools
palindromelabs/awesome-websocket-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
 anshumanpattnaik/http-request-smuggling | Detects HTTP Request Smuggling vulnerabilities in web applications | 476 |
 portswigger/http-request-smuggler | An extension for Burp Suite to help identify and exploit HTTP Request Smuggling vulnerabilities. | 964 |
 detectify/varnish-h2-request-smuggling | A Docker-based test environment for simulating a Varnish HTTP/2 request smuggling vulnerability | 55 |
 defparam/smuggler | An HTTP Request Smuggling / Desync testing tool written in Python 3 | 1,840 |
 v3aqb/fwlite | An anti-censorship HTTP proxy with built-in support for various protocols. | 136 |
| bishopfox/dufflebag | Searches public EBS snapshots for hidden secrets and passwords | 289 |
 0ang3el/websocket-smuggle | A tool to expose security vulnerabilities in WebSocket reverse proxying allowing HTTP requests to be smuggled through | 341 |
| bishopfox/zigdiggity | A toolkit for testing and exploiting ZigBee networks to identify vulnerabilities in IoT devices | 265 |
 nxenon/h2spacex | A low-level HTTP/2 library for exploiting race conditions in web servers | 153 |
 valtteril/upnproxychain | Creates a SOCKS proxy server by chaining vulnerable UPnProxy devices | 82 |
 nachiketrathod/http.request.smuggling.desync.attack | An attacker exploits HTTP request smuggling to manipulate the sequence of requests and deceive both front-end and back-end security controls. | 14 |
| bishopfox/bfdecrypt | Utility to decrypt and access decrypted iOS apps on jailbroken devices | 444 |
| bishopfox/cloudfox | An open-source tool to help penetration testers gather information about cloud environments and identify potential vulnerabilities. | 1,983 |
 dcb9/curl2httpie | Tools to convert arguments between cURL and HTTPie protocols | 157 |
 bryanpkc/corkscrew | Tunneling tool for SSH through HTTP proxies | 1,142 |