HTTP

H2Csmuggler – HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

01 Oct 2020 By

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the vulnerability Insecure-by-default services Remediation guidance Here: https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c How to test? Any proxy endpoint that forwards h2c upgradeRead More

CRLFMap – A Tool To Find HTTP Splitting Vulnerabilities

18 Sep 2020 By

CRLFMap is a tool to find HTTP Splitting vulnerabilities Why? I wanted to write a tool in Golang for concurrency I wanted to be able to fuzz both parameters and paths Installation go get github.com/ryandamour/crlfmap Help Available Commands: help Help about any command scan A scanner for all your CRLF needsFlags: -h, –help help forRead More

Pivotnacci – A Tool To Make Socks Connections Through HTTP Agents

27 May 2020 By

Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server which communicates with HTTP agents. The architecture looks like the following: This tool was inspired by the great reGeorg. However, it includes some improvements: Support for balanced servers Customizable polling interval, useful to reduce detection rates Auto dropRead More

Httpgrep – Scans HTTP Servers To Find Given Strings In URIs

21 Apr 2020 By

A python tool which scans for HTTP servers and finds given strings in URIs. Usage $ httpgrep -H–==[ httpgrep by nullsecurity.net ]==–usage httpgrep -h <args> -s <arg> [opts] | <misc>opts -h <hosts|file> – single host or host-range/cidr-range or file containing hosts, e.g.: foobar.net, 192.168.0.1-192.168.0.254, 192.168.0.0/24, /tmp/hosts.txt -p <port> – port to connect to (default: 80)Read More

Pwndrop – Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV

17 Apr 2020 By

pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV.If you’ve ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m SimpleHTTPServer, pwndrop is definitely for you!Read More

HTTP Asynchronous Reverse Shell – Asynchronous Reverse Shell Using The HTTP Protocol

08 Mar 2020 By

Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered.However security software and hardware (IPS, IDS, Proxy, AV, EDR…) are more and more powerful and can detect these attacks. Most of the time the connectionRead More

Aduket – Straight-forward HTTP Client Testing, Assertions Included

14 Feb 2020 By

Straight-forward HTTP client testing, assertions included! Simple httptest.Server wrapper with a little request recorder spice on it. No special DSL, no complex API to learn. Just create a server and fire your request like an Hadouken then assert them. TODO Add example usages Add docs Add response headers to NewServer Add request header assertions AddRead More

Re2Pcap – Create PCAP file from raw HTTP request or response in seconds

07 Feb 2020 By

Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP file using Re2Pcap and test them against Snort rules.Re2Pcap allow you to quickly create PCAP file for raw HTTP request shown below POST /admin/tools/iplogging.cgi HTTP/1.1Host: 192.168.13.31:80User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0Accept: text/plain, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://192.168.13.31:80/admin/tools/iplogging.htmlContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With:Read More

X