A curated list of awesome blogs and tools about HTTP request smuggling attacks. Feel free to contribute! π»
β124Sep 6, 2022Updated 3 years ago
Alternatives and similar repositories for Awesome-HTTPRequestSmuggling
Users that are interested in Awesome-HTTPRequestSmuggling are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- β17May 10, 2021Updated 4 years ago
- Basic XSS Scannerβ11Jan 21, 2021Updated 5 years ago
- β28Jun 7, 2022Updated 3 years ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling.β346Nov 20, 2022Updated 3 years ago
- β563Mar 27, 2025Updated 11 months ago
- β32May 9, 2021Updated 4 years ago
- Blog about HTTP Request Smuggling, including a demo application.β32Jan 4, 2022Updated 4 years ago
- Detects request smuggling via HTTP/2 downgrades.β94Jul 30, 2022Updated 3 years ago
- Removes duplicate entries from a file, resulting in only unique parameter combinations. Useful for parsing waybackurls and making recon mβ¦β11May 31, 2020Updated 5 years ago
- β12Oct 2, 2022Updated 3 years ago
- a benchmarking&stressing tool that can send raw HTTP requestsβ165Sep 24, 2022Updated 3 years ago
- HTTP Request Smuggling Detection Toolβ536Dec 21, 2023Updated 2 years ago
- β38Aug 27, 2022Updated 3 years ago
- Capture all RabbitMQ messages being sent through a broker.β32Feb 13, 2021Updated 5 years ago
- BlizzardWrap - A CLI tool for encoding and decoding (supports several formats/algos)β16Jun 19, 2021Updated 4 years ago
- Source Code Management Attack Toolkitβ13Aug 1, 2022Updated 3 years ago
- β95Sep 18, 2021Updated 4 years ago
- HTTP Request Smuggling over HTTP/2 Cleartext (h2c)β785May 10, 2022Updated 3 years ago
- Python-based CLI Password Analyser (Reporting Tool)β32Aug 13, 2021Updated 4 years ago
- a low(zero) cost threat intelligence&response tool against phishing domainsβ157Dec 8, 2022Updated 3 years ago
- β29Jan 10, 2023Updated 3 years ago
- π»πππ‘ If an attacker has created a fake enterprise wireless network, my goal is to deceive him.β18Feb 10, 2019Updated 7 years ago
- 2022 CTF public releaseβ23Jun 15, 2022Updated 3 years ago
- Issues with WebSocket reverse proxying allowing to smuggle HTTP requestsβ392Aug 15, 2024Updated last year
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3β2,063Jan 2, 2024Updated 2 years ago
- β71Nov 8, 2021Updated 4 years ago
- Subdomain takeover scanner using Python asyncioβ18Oct 24, 2022Updated 3 years ago
- Burp Suite Extension useful to verify OAUTHv2 and OpenID securityβ176Oct 26, 2024Updated last year
- NLog Target for GrayLog2β17Mar 29, 2019Updated 6 years ago
- all manner of wordlistsβ24Jan 19, 2022Updated 4 years ago
- A traffic analyzer to evade Empire's communication from Anomaly-Based IDSβ108Aug 13, 2018Updated 7 years ago
- Blind SQL Injection (BSQLI) Data Exploration Toolβ18Feb 18, 2017Updated 9 years ago
- Random utilities from my security projects that might be useful to othersβ183Jan 26, 2025Updated last year
- [NDSS 2024] ReqsMiner is an innovative fuzzing framework developed to discover previously unexamined inconsistencies in CDN forwarding reβ¦β25Jun 27, 2024Updated last year
- All The Notes And Tips I FOund In Github And Twitter I Put Them Hereβ35Aug 31, 2020Updated 5 years ago
- Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.��β134Jul 11, 2021Updated 4 years ago
- Stanford's Machine Learning Exercisesβ12Apr 7, 2020Updated 5 years ago
- JSON CSRF PoCβ14Aug 1, 2020Updated 5 years ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devicesβ329Jul 11, 2025Updated 8 months ago