hunt-cache-poison
Community
Find cache poisoning paths and validate impact.
Software Engineering #security testing #cdn #bug bounty #http headers #cache poisoning #web cache deception #unkeyed headers
Author: Carlos-Reyes-UTP
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps you identify and prove cache poisoning issues where an attacker-controlled request causes other users to receive an attacker-injected (or attacker-chosen) cached response.
Core Features & Use Cases
- Cache infrastructure mapping: Detect caching layers and signals (Age, X-Cache, CF-Cache-Status, Via) to confirm that poisoning is even possible.
- Unkeyed input discovery: Determine which headers or parameters are not included in the cache key by varying requests and checking whether the cached response changes.
- Web cache deception validation: Identify cases where attacker-controlled URLs (e.g., appending extensions like .css/.jpg) cause dynamic authenticated content to be cached as if it were static.
- Blast-radius and severity gating: Reproduce the effect from a separate client and estimate persistence/impact using TTL and cache behavior before claiming severity.
Quick Start
Use the hunt-cache-poison skill to map cache behavior, test for unkeyed headers like X-Forwarded-Host, attempt web cache deception with extension-like URL paths, and confirm cross-client impact using fresh unauthenticated requests.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunt-cache-poison Download link: https://github.com/Carlos-Reyes-UTP/Desarrollo-de-Sistema-de-Ventas-Empresas-de-Moda/archive/main.zip#hunt-cache-poison Please download this .zip file, extract it, and install it in the .claude/skills/ directory.