Open-source software name: PortSwigger/http-request-smuggler
Open-source software URL: https://github.com/PortSwigger/http-request-smuggler
Open-source programming language: Java 94.0%
Open-source software introduction:

HTTP Request Smuggler

This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks, originally created during HTTP Desync Attacks research. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you.

This extension should not be confused with Burp Suite HTTP Smuggler, which uses similar techniques but is focused exclusively on bypassing WAFs.

Install

The easiest way to install this is in Burp Suite, via

If you prefer to load the jar manually, in Burp Suite (community or pro), use

Compile

Turbo Intruder is a dependency of this project; add it to the root of this source tree as

Build using:

Linux:
Windows:

Grab the output from

Use

Right click on a request and click

If you're using Burp Pro, any findings will also be reported as scan issues.

If you right click on a request that uses chunked encoding, you'll see another option marked

For more advanced use watch the video.

Practice

We've released a collection of free online labs to practise against. Here's how to use the tool to solve the first lab - HTTP request smuggling, basic CL.TE vulnerability:
By changing the 'prefix' variable in step 7, you can solve all the labs and virtually every real-world scenario.