ghost-bits-cast-attack
CommunityBypass WAF/IDS in Java services with Ghost Bits/Cast Attack
Authorbingook
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps bypass WAF/IDS in Java services where 16-bit char is silently narrowed to 8-bit byte, enabling attacks like SQL injection, deserialization RCE, file upload, path traversal, CRLF injection, request smuggling, and SMTP injection.
Core Features & Use Cases
- WAF Bypass: Use Ghost Bits to bypass WAF/IDS for SQL injection, deserialization RCE, file upload, path traversal, CRLF injection, request smuggling, and SMTP injection.
- Java Backend Attacks: Affects Tomcat, Spring, Jetty, Undertow, Vert.x, Jackson, Fastjson, Apache Commons BCEL, Apache HttpClient, Angus Mail, JDK HttpServer, Lettuce, Jodd, XMLWriter, and re-enables many "patched" CVEs through WAF bypass.
- Use Case: When attacking a Java service with a WAF/IDS, use Ghost Bits to test for vulnerabilities that may be blocked by the WAF.
Quick Start
Use the ghost-bits-cast-attack skill to test for SQL injection vulnerabilities in a Java service.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ghost-bits-cast-attack Download link: https://github.com/bingook/bingo/archive/main.zip#ghost-bits-cast-attack Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.