request-smuggling
OfficialExploit HTTP desync vulnerabilities.
Software Engineering#penetration testing#web security#vulnerability exploitation#request smuggling#http desync#http/2
Authorblacklanternsecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps penetration testers identify and exploit HTTP request smuggling vulnerabilities, where front-end and back-end servers disagree on request boundaries, enabling attacks like request hijacking and access control bypass.
Core Features & Use Cases
- Vulnerability Detection: Identifies CL.TE, TE.CL, and HTTP/2 downgrade smuggling.
- Exploitation: Facilitates request hijacking, access control bypass, and cache poisoning.
- Use Case: A penetration tester suspects a web application is vulnerable to request smuggling. They use this Skill to confirm the vulnerability and then craft a smuggled request to bypass an IP-based access control list, gaining access to an administrative interface.
Quick Start
Use the request-smuggling skill to detect and exploit CL.TE vulnerabilities against the target URL 'https://example.com'.
Dependency Matrix
Required Modules
smuggler.pyh2csmuggler
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: request-smuggling Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#request-smuggling Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.