Skills
.Work. You
Rest

http2-specific-attacks

Community

Validate and execute HTTP/2 attack paths fast.

Software Engineering#multiplexing#security assessment#protocol testing#http2#request smuggling#h2c#hpack
AuthorlNwNl
Version1.0.0
Installs0

System Documentation

What problem does it solve?

It helps security testers understand and reproduce HTTP/2 protocol-specific weaknesses that are missed by HTTP/1.1-oriented request-smuggling or race-condition checklists.

Core Features & Use Cases

  • HTTP/2 h2c Upgrade Smuggling Playbooks: Probe and attempt bypasses where proxies forward Upgrade: h2c without inspecting the resulting HTTP/2 tunnel.
  • Pseudo-header Manipulation & Routing Confusion: Test discrepancies across :path, :authority, and :scheme that can yield access-control bypasses or vhost confusion.
  • HPACK & Multiplexing Abuse: Assess HPACK compression/table behaviors and multiplexing edge cases like stream races, priority starvation, and rapid resets.
  • H2→H1 Downgrade Translation Checks: Identify downgrade-induced vulnerabilities such as header injection via binary formatting, TE/CL discrepancies, and malformed header handling.

Quick Start

Use the http2-specific-attacks skill to generate an HTTP/2-focused testing plan for a target URL and include concrete probes for h2c, pseudo-header discrepancies, HPACK/multiplexing behaviors, and any observed H2→H1 downgrade path.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: http2-specific-attacks
Download link: https://github.com/lNwNl/Methodos/archive/main.zip#http2-specific-attacks

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.