https://github.com/detectify/Varnish-H2-Request-Smuggling

https://github.com/detectify/Varnish-H2-Request-Smuggling

Last synced: 7 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/detectify/Varnish-H2-Request-Smuggling
• Owner: detectify
• Created: 2021-08-12T13:21:10.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2021-08-26T21:21:10.000Z (about 4 years ago)
• Last Synced: 2024-08-03T02:03:16.731Z (over 1 year ago)
• Language: VCL
• Size: 5.86 KB
• Stars: 54
• Watchers: 4
• Forks: 8
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-vulnerable-apps - Varnish HTTP/2 Request Smuggling - This repository a docker-compose file to setup a local environment that is vulnerable to CVE-2021-36740 Varnish HTTP/2 request smuggling. (OWASP Top 10 / Request Smuggling)
• awesome-hacking-lists - detectify/Varnish-H2-Request-Smuggling - (VCL)

README

          

# Varnish HTTP/2 Request Smuggling

This repository a docker-compose file to setup a local environment that

is vulnerable to CVE-2021-36740 Varnish HTTP/2 request smuggling. There is a blog post

at https://labs.detectify.com/2021/08/26/how-to-set-up-docker-for-varnish-http-2-request-smuggling/ describing the vulnerability and

the test environment.

The basis for this local environment comes from here https://info.varnish-software.com/blog/hitch-available-on-docker

but has been modified to be vulnerable.

## Installation

Requires docker

```bash

docker-compose up

```