- Notifications
You must be signed in to change notification settings - Fork0
HTTP Smuggling Visualizer / Simulator
License
NotificationsYou must be signed in to change notification settings
kizzx2/SmugPal
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
HTTP Smuggling simulator / visualizer and command line generator.
Workbench for developing HTTP Smuggling / Desync exploits interactively and visually.
Inspired byRegexPal,revshells.com
- real time interactive colorization of request splits
- command line generator (netcat / socat for HTTPS)
- HTTP/2 support (ALPN Negotiation)
- ready to useTE.CL template
- ready to useCL.TE template
- ready to useCL.0 template
- ready to useH2.TE template
- ready to useH2.CL template
- ready to use "H2.WS Upgrade" template (slide 36 inthis deck)
- Support multiple requests in HTTP2 inputs
- As you can see the current UI does not look great. PRs welcome to improve the look & feel of the app.
The current payload template assumes HTTPS when used with HTTP/2. This is because as of writing, apparentlymitmproxy does not support prior-knowledge H2 connections. When I tried with Burp I got similar results so I assume it is also the same case.
If you want to use it without HTTPS, simply comment out the line that saysctx.wrap_socket in the script.
About
HTTP Smuggling Visualizer / Simulator