
Add HTTP Request Smuggling

Open daffainfo opened this issue 2 years ago • 3 comments

Nice tool! It helped me a lot when doing penetration testing. I have an idea to add an HTTP request smuggling scan into reconftw using this tool:

https://github.com/defparam/smuggler

What do you think? Thank you!

daffainfo avatar Sep 02 '22 10:09 daffainfo

Yeah sure! I will add this check in the next release :) Thanks for the suggestion

six2dez avatar Sep 02 '22 11:09 six2dez

I was analyzing the request, and the only thing that sticks is how to decide which URLs will be sent to the tool, i.e. it depends on subjective decisions about which URLs could be interesting to access by exploiting HTTP request smuggling. Do you have any suggestion?

six2dez avatar Sep 10 '22 14:09 six2dez

I think a list of domains can be input into the tool, for example:

https://admin.example.com
https://pay.example.com
https://example.com

Ref: https://twitter.com/MeAsHacker_HNA/status/1538862580684443649

daffainfo avatar Sep 16 '22 15:09 daffainfo

Could do something like

# read each discovered web URL from the reconftw output and run smuggler against it quietly
while read -r line; do python3 smuggler.py -u "$line" -q; done < Recon/Recon.com/webs/webs.txt

Any detected issues would then be piped into the payloads folder of smuggler.py, although it's worth noting this won't look for HTTP/2-based smuggling.

0x10f2c avatar Oct 02 '22 05:10 0x10f2c

fixed with https://github.com/six2dez/reconftw/commit/716fcf09ecf95ff6c9b884ee9c54f1ca91ded437

six2dez avatar Oct 02 '22 21:10 six2dez