Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/detectify/Varnish-H2-Request-Smuggling
https://github.com/detectify/Varnish-H2-Request-Smuggling
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/detectify/Varnish-H2-Request-Smuggling
- Owner: detectify
- Created: 2021-08-12T13:21:10.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2021-08-26T21:21:10.000Z (about 3 years ago)
- Last Synced: 2024-06-16T23:34:05.516Z (5 months ago)
- Language: VCL
- Size: 5.86 KB
- Stars: 53
- Watchers: 4
- Forks: 8
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-vulnerable-apps - Varnish HTTP/2 Request Smuggling - This repository a docker-compose file to setup a local environment that is vulnerable to CVE-2021-36740 Varnish HTTP/2 request smuggling. (OWASP Top 10 / Request Smuggling)
- awesome-hacking-lists - detectify/Varnish-H2-Request-Smuggling - (VCL)
README
# Varnish HTTP/2 Request Smuggling
This repository a docker-compose file to setup a local environment that
is vulnerable to CVE-2021-36740 Varnish HTTP/2 request smuggling. There is a blog post
at https://labs.detectify.com/2021/08/26/how-to-set-up-docker-for-varnish-http-2-request-smuggling/ describing the vulnerability and
the test environment.
The basis for this local environment comes from here https://info.varnish-software.com/blog/hitch-available-on-docker
but has been modified to be vulnerable.
## Installation
Requires docker
```bash
docker-compose up
```