pentest-http-smuggling

Purpose Detect and exploit discrepancies between front-end proxies and back-end servers in HTTP request parsing. These attacks bypass security controls, poison caches, and hijack requests — entirely absent from standard taint analysis pipelines.

| WSTG-INPV-15 | HTTP Request Smuggling | ✅ | | WSTG-INPV-17 | Host Header Injection | ✅ |

| Smuggling Detection | smuggler.py, HTTP Request Smuggler (Burp) | Automated CL.TE/TE.CL detection | | HTTP/2 Testing | h2csmuggler, curl --http2, nghttp | H2 downgrade and desync attacks | | Timing Attacks | Turbo Intruder | Microsecond-precision request timing | | Raw Requests | Python sockets, netcat | Crafted malformed HTTP requests |

تهريب طلبات HTTP، وهجمات إلغاء المزامنة، وتسميم ذاكرة التخزين المؤقت، واختبار الثغرات الأمنية على مستوى البروتوكول. المصدر: jd-opensource/joysafeter.