Skip to content

Universe1122/smuggler.py

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
README.md
README.md
 
 
smuggler.py
smuggler.py
 
 

Repository files navigation

smuggler.py

# Summary

This tool is that send request to target server using simple payload for detecting http request smuggling.

But.. It is not finished yet, and is developing.

# How to use

  -h, --help   show this help message and exit
  --url URL    Input url. --url https://lactea.kr
  --agent      Generating random User-Agent. --agent
  --file FILE  Enter your file name. --file ips.txt

# Result

# CL.TE timing tech

If CL.TE case, tool sends a payload like below.

POST {} HTTP/1.1\r\n
Host: {}\r\n
Content-Length: 4\r\n
Transfer-Encoding: chunked\r\n
\r\n

When server's response is timeout, server is vulnerable to http request smuggling.

Tool will show the result like below.

ubuntu:~/environment/git/smuggler.py (master) $ python3 smuggler.py --url https://ac9f1faa1f71d93b807b054000660013.web-security-academy.net/ --agent

                                         _                             
         ___ _ __ ___  _   _  __ _  __ _| | ___ _ __       _ __  _   _ 
        / __| '_ ` _ \| | | |/ _` |/ _` | |/ _ \ '__|     | '_ \| | | |
        \__ \ | | | | | |_| | (_| | (_| | |  __/ |     _  | |_) | |_| |
        |___/_| |_| |_|\__,_|\__, |\__, |_|\___|_|    (_) | .__/ \__, |
                             |___/ |___/                  |_|    |___/ 
                        by universe 

[*] Generating fake user-agent...
[*] Done.
[*] Sending to https://ac9f1faa1f71d93b807b054000660013.web-security-academy.net/
[*] Testing CL.TE...
     └───> HTTP/1.1 500 Internal Server Error
[*] Server using CLTE
>> 
====== payload ======
POST / HTTP/1.1
Host: ac9f1faa1f71d93b807b054000660013.web-security-academy.net
Content-Length: 4
Transfer-Encoding: chunked

0


======================

# Update

- v0.2

Fixed an error when user don't input url including http:// or https://.

Fixed an bug not including fake user agent.

Added function that subdomain is scanned.

Added option for importing list. (Issue 1)

# Reference

https://portswigger.net/web-security/request-smuggling

https://github.com/gwen001/pentest-tools/blob/master/smuggler.py

About

HTTP request smuggling tools

Resources

Readme
Activity

Stars

17 stars

Watchers

2 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages