0ang3el / websocket-smuggle
Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
☆335Updated 2 months ago
Related projects ⓘ
Alternatives and complementary repositories for websocket-smuggle
- ☆528Updated 10 months ago
- Client Side Prototype Pollution Scanner☆511Updated 2 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆508Updated 9 months ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆343Updated last year
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆802Updated 2 years ago
- DNS rebinding toolkit☆250Updated last year
- List DTDs and generate XXE payloads using those local DTDs.☆608Updated 8 months ago
- Content-Type Research☆539Updated 9 months ago
- ☆654Updated 2 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆296Updated last year
- HTTP Request Smuggling over HTTP/2 Cleartext (h2c)☆650Updated 2 years ago
- PNG IDAT chunks XSS payload generator☆170Updated 2 years ago
- Smart ssrf scanner using different methods like parameter brute forcing in post and get...☆274Updated 3 years ago
- A simple SSRF-testing sheriff written in Go☆315Updated last week
- HTTP file upload scanner for Burp Proxy☆397Updated last year
- ☆397Updated 2 years ago
- Simple websites vulnerable to Server Side Template Injections(SSTI)☆373Updated last year
- This repository contains all the XSS cheatsheet data to allow contributions from the community.☆403Updated this week
- TheftFuzzer is a tool that fuzzes Cross-Origin Resource Sharing implementations for common misconfigurations.☆308Updated last year
- ☆127Updated 3 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale.☆253Updated 2 years ago
- Payloads for CRLF Injection☆215Updated 3 weeks ago
- Turbo Intruder Scripts☆215Updated 4 years ago
- HackerOne "in scope" domains☆399Updated this week
- A mini webserver with FTP support for XXE payloads☆326Updated 10 months ago
- exploit for ImageMagick's uninitialized memory disclosure in gif coder☆278Updated 7 years ago
- The Serverless Blind XSS App☆327Updated 7 months ago
- Default signature for Jaeles Scanner☆319Updated 2 years ago
- Automatic tool for DNS rebinding-based SSRF attacks☆293Updated 4 years ago