h2c-websocket-smuggling
OfficialBypass proxy ACLs via H2C/WebSocket tunneling.
Software Engineering#red teaming#web penetration testing#h2c smuggling#websocket smuggling#reverse proxy bypass#ACL bypass
Authordreadnode
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill solves the problem of reverse proxies blocking access to internal backend paths and standard HTTP request smuggling techniques (CL.TE, TE.CL, TE.0) failing due to consistent body parsing between the proxy and backend server.
Core Features & Use Cases
- H2C Smuggling: Exploit proxy forwarding of HTTP/2 cleartext (H2C) upgrade headers to establish a direct tunnel to the backend, bypassing path-based access control lists, WAF rules, and proxy-layer authentication checks.
- WebSocket Smuggling: Leverage misconfigured WebSocket handshake validation (invalid version handling or SSRF-triggered health checks) to open persistent TCP tunnels to internal backend services.
- Use Case: When testing a web application behind a reverse proxy that blocks access to internal admin endpoints, use this Skill to establish a direct connection to the backend server and access restricted resources that are not exposed via the proxy's configured paths.
Quick Start
Use the h2c-websocket-smuggling skill to test if the target reverse proxy forwards H2C upgrade headers and establish a tunnel to access blocked internal backend paths.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: h2c-websocket-smuggling Download link: https://github.com/dreadnode/capabilities/archive/main.zip#h2c-websocket-smuggling Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.