cache-attack

Community

Exploit CDN and reverse-proxy cache flaws.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill solves the problem of identifying and exploiting web cache poisoning (WCP) and web cache deception (WCD) vulnerabilities in CDNs and reverse proxies, which are often undetected during standard surface-level web reconnaissance and vulnerability scanning.

Core Features & Use Cases

  • Cache Infrastructure Detection: Automatically identifies CDN and reverse proxy providers (CloudFront, Cloudflare, Fastly, Varnish, Nginx) via cache response headers.
  • WCP Vulnerability Testing: Tests for unkeyed input reflection and validates cache storage of malicious payloads to enable stored cross-site scripting and open redirect attacks via poisoned caches.
  • WCD Vulnerability Testing: Validates cache deception flaws by forcing caches to store sensitive user pages (e.g., profile, admin dashboards) that attackers can then access.
  • Use Case: After standard web recon finds no direct vulnerabilities, use this Skill to pivot to infrastructure-layer attacks against targets using common caching layers, expanding the attack surface beyond application-level flaws.

Quick Start

Use the cache-attack skill to test the target example.com for web cache poisoning and deception vulnerabilities, starting with automated cache header detection and CDN identification.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: cache-attack
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#cache-attack

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.