Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/SafeBreach-Labs/HRS
https://github.com/SafeBreach-Labs/HRS
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/SafeBreach-Labs/HRS
- Owner: SafeBreach-Labs
- License: bsd-3-clause
- Created: 2020-07-13T19:12:36.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-07-20T14:39:04.000Z (over 4 years ago)
- Last Synced: 2024-11-16T11:51:33.691Z (3 months ago)
- Language: Perl
- Size: 5.86 KB
- Stars: 49
- Watchers: 5
- Forks: 8
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- WebHackersWeapons - HRS - Labs/HRS?label=%20)||[](/categorize/langs/Perl.md)| (Weapons / Tools)
- Awesome-HTTPRequestSmuggling - SafeBreach-Labs/HRS
README
# HRS
## Author: Amit Klein, Safebreach.
HTTP Request Smuggling demonstration Perl script, for variants 1, 2 and 5 in my BlackHat US 2020 paper [HTTP Request Smuggling in 2020](https://www.blackhat.com/us-20/briefings/schedule/#http-request-smuggling-in---new-variants-new-defenses-and-new-challenges-20019).
Running:
smuggle.pl host port variant(1/2/5) POST_path target_path poison_path
Examples:
- Variant 1 (Header SP junk):
smuggle.pl www.example.com 80 1 /hello.php /welcome.html /poison.html
- Variant 2 (Header SP junk + Wait):
smuggle.pl www.example.com 80 2 /hello.php /welcome.html /poison.html
- Variant 5 (CR Header + Wait):
smuggle.pl www.example.com 80 5 /hello.php /welcome.html /poison.html