Smuggler - An HTTP Request Smuggling / Desync Testing Tool

An HTTP Request Smuggling / Desync testing tool written in Python 3 Acknowledgements A special thanks to James Kettle for his research and methods into HTTP desyncs And a special thanks to Ben Sadeghipour for beta testing Smuggler and for allowing me to discuss my work at Nahamcon 2020 IMPORTANT...

HTTP/2 Request Smuggling

HTTP Request Smuggling also known as an HTTP Desync Attack has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different...

HTTP/2 Request Smuggling

HTTP Request Smuggling also known as an HTTP Desync Attack has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different...

CORStest - A Simple CORS Misconfiguration Scanner

A simple CORSmisconfiguration scanner Based on theresearch of James Kettle CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing CORS misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential...

On Cache Poisoning

In March 2017, Akamai released a post, "On Web Cache Deception Attacks". A presentation at the Black Hat conference by James Kettle from Port Swigger on web cache poisoning has recently raised awareness of cache poisoning. This is a class of vulnerability with a long history. Cache poisoning can ...