H2Csmuggler – HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the vulnerability Insecure-by-default services Remediation guidance Here: https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c How to test? Any proxy endpoint that forwards h2c upgradeRead More

Burp Exporter – A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions

Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.You can export as: cURL Wget Python Request Perl LWP PHP HTTP_Request2 Go Native NodeJS Request jQuery AJAX PowerShell Requirements Jython >= 2.7.1 Burp Suite importIn Burp Suite, under the Extender/Extensions tab, click on the Add button, selectRead More

Re2Pcap – Create PCAP file from raw HTTP request or response in seconds

Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP file using Re2Pcap and test them against Snort rules.Re2Pcap allow you to quickly create PCAP file for raw HTTP request shown below POST /admin/tools/iplogging.cgi HTTP/1.1Host: 192.168.13.31:80User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0Accept: text/plain, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://192.168.13.31:80/admin/tools/iplogging.htmlContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With:Read More

X