什么是 pentest-http-smuggling?
HTTP 请求走私、异步攻击、缓存中毒和协议级漏洞测试。 来源:jd-opensource/joysafeter。
·pentest-http-smuggling
!
pentest-http-smuggling
✓HTTP 请求走私、异步攻击、缓存中毒和协议级漏洞测试。
如何安装 pentest-http-smuggling
通过命令行快速安装 pentest-http-smuggling AI 技能到你的开发环境
- 打开终端: 打开你的终端或命令行工具(如 Terminal、iTerm、Windows Terminal 等)
- 运行安装命令: 复制并运行以下命令:npx skills add https://github.com/jd-opensource/joysafeter --skill pentest-http-smuggling
- 验证安装: 安装完成后,技能将自动配置到你的 AI 编程环境中,可以在 Claude Code、Cursor 或 OpenClaw 中使用
来源:jd-opensource/joysafeter。
SKILL.md
查看原文Purpose Detect and exploit discrepancies between front-end proxies and back-end servers in HTTP request parsing. These attacks bypass security controls, poison caches, and hijack requests — entirely absent from standard taint analysis pipelines.
| WSTG-INPV-15 | HTTP Request Smuggling | ✅ | | WSTG-INPV-17 | Host Header Injection | ✅ |
| Smuggling Detection | smuggler.py, HTTP Request Smuggler (Burp) | Automated CL.TE/TE.CL detection | | HTTP/2 Testing | h2csmuggler, curl --http2, nghttp | H2 downgrade and desync attacks | | Timing Attacks | Turbo Intruder | Microsecond-precision request timing | | Raw Requests | Python sockets, netcat | Crafted malformed HTTP requests |
HTTP 请求走私、异步攻击、缓存中毒和协议级漏洞测试。 来源:jd-opensource/joysafeter。
可引用信息
为搜索与 AI 引用准备的稳定字段与命令。
- 安装命令
npx skills add https://github.com/jd-opensource/joysafeter --skill pentest-http-smuggling- 分类
- !安全工具
- 认证
- ✓
- 收录时间
- 2026-02-26
- 更新时间
- 2026-03-10
快速解答
如何安装 pentest-http-smuggling?
打开你的终端或命令行工具(如 Terminal、iTerm、Windows Terminal 等) 复制并运行以下命令:npx skills add https://github.com/jd-opensource/joysafeter --skill pentest-http-smuggling 安装完成后,技能将自动配置到你的 AI 编程环境中,可以在 Claude Code、Cursor 或 OpenClaw 中使用
这个 Skill 的源码在哪?
https://github.com/jd-opensource/joysafeter
详情
- 分类
- !安全工具
- 来源
- skills.sh
- 收录时间
- 2026-02-26