chaitin / xray

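A comprehensive security assessment tool that supports scanning for common web security issues and custom PoCs | Be sure to read the documentation before use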
https://docs.xray.cool
Other
10.47k stars 1.83k forks

HTTP Smuggling/De-Sync Attacks #711

Closed uBadRequest closed 7 months ago

uBadRequest commented 4 years ago

Hello,

Could you add checks for HTTP Smuggling/De-Sync attacks? Here's a Python script with payloads: https://github.com/gwen001/pentest-tools/blob/master/smuggler.py

Thanks!

zema1 commented 4 years ago

I will try. But it might be difficult to construct a deformed HTTP request with the Go standard http lib, which checks a lot and tries to "fix" those errors. Related issue: https://github.com/golang/go/issues/28026
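
The normalization mentioned in the comment above can be observed directly. The following is an added example, not part of the issue thread or of xray's code: it sets conflicting framing headers on a `net/http` request and inspects what `Request.Write` actually serializes. The host `example.test`, the body and the helper names `serialize` and `framingHeaders` are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"strings"
)

// serialize builds a POST with net/http, sets the given headers by hand,
// and returns the bytes that Request.Write would put on the wire.
func serialize(extra map[string]string) (string, error) {
	// Constructed sample target and 3-byte body.
	req, err := http.NewRequest("POST", "http://example.test/", strings.NewReader("a=1"))
	if err != nil {
		return "", err
	}
	for k, v := range extra {
		req.Header.Set(k, v)
	}
	var buf bytes.Buffer
	if err := req.Write(&buf); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// framingHeaders returns the Content-Length and Transfer-Encoding lines
// found in the head of a serialized request.
func framingHeaders(wire string) []string {
	head := strings.SplitN(wire, "\r\n\r\n", 2)[0]
	var out []string
	for _, line := range strings.Split(head, "\r\n")[1:] { // skip request line
		name := strings.ToLower(strings.TrimSpace(strings.SplitN(line, ":", 2)[0]))
		if name == "content-length" || name == "transfer-encoding" {
			out = append(out, line)
		}
	}
	return out
}

func main() {
	wire, err := serialize(map[string]string{"Content-Length": "0", "Transfer-Encoding": "chunked"})
	if err != nil {
		panic(err)
	}
	// The hand-set values are dropped; framing is derived from the body.
	fmt.Println(framingHeaders(wire))
}
```

`Request.Write` ignores `Content-Length` and `Transfer-Encoding` entries in `req.Header` and emits framing from `req.ContentLength` and `req.TransferEncoding` instead, which is why the output contains a single consistent length header.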