web-vuln-http-smuggling
Community
Detect and confirm HTTP request smuggling
Software Engineering #web-security #curl #proxy #differential-analysis #netcat #http-request-smuggling #timing-probes
Author: woohyun212
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill provides a structured methodology to discover and confirm HTTP request smuggling (desync) vulnerabilities, which arise when front-end proxies/CDNs and back-end servers disagree on how to parse a request. Finding and fixing these flaws helps prevent cache poisoning, request hijacking, WAF bypass, and credential theft.
Core Features & Use Cases
- Variant Coverage: Tests CL.TE, TE.CL, TE.TE, and H2.CL variants using timing probes, header obfuscation, and downgrade checks.
- Practical Probes: Provides repeatable curl and netcat probe patterns plus guidance for Burp Suite automation to generate timing signals and differential responses.
- Verification & Impact: Describes differential-response confirmation techniques and documents impact chains and proxy fingerprint indicators to support triage and reporting.
- Use Case: Ideal for penetration testing or bug bounty assessments of web applications behind CDNs, load balancers, or reverse proxies where misframed requests can be abused.
Quick Start
Run the CL.TE timing probe against a POST endpoint behind a proxy and follow up any timing signals with differential response verification using curl or netcat.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: web-vuln-http-smuggling Download link: https://github.com/woohyun212/security-skill/archive/main.zip#web-vuln-http-smuggling Please download this .zip file, extract it, and install it in the .claude/skills/ directory.