ワンクリックでManusで任意のスキルを実行

始める

pentest-http-smuggling

スター284

フォーク55

更新日2026年2月11日 09:17

HTTP request smuggling, desync attacks, cache poisoning, and protocol-level vulnerability testing.

インストール

Codex または Claude でインストールこの Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。

Manusで実行

ソース

jd-opensource

jd-opensource/JoySafeter

GitHub リポジトリを開く Creator のリポジトリを見る

ダウンロード

Manusで実行

Pentest HTTP Smuggling

Purpose

Detect and exploit discrepancies between front-end proxies and back-end servers in HTTP request parsing. These attacks bypass security controls, poison caches, and hijack requests — entirely absent from standard taint analysis pipelines.

Prerequisites

Authorization Requirements

Written authorization with explicit scope for protocol-level testing
Infrastructure awareness — identify all reverse proxies, CDNs, load balancers in path
Rollback plan for cache poisoning tests (CDN purge access)
Emergency contacts for infrastructure team (smuggling can affect other users)

Environment Setup

Python 3.x with raw socket capability for crafted HTTP requests
Burp Suite Professional with HTTP Request Smuggler extension
curl compiled with HTTP/2 support (--http2-prior-knowledge)
Turbo Intruder for timing-sensitive attacks
Network capture tool (Wireshark/tcpdump) for response analysis

Core Workflow

Stack Fingerprinting: Identify reverse proxies (nginx, HAProxy, Cloudflare, AWS ALB), CDNs, load balancers. Determine HTTP version support (HTTP/1.1, HTTP/2) and parsing behavior.
CL.TE Smuggling: Craft requests where front-end uses Content-Length and back-end uses Transfer-Encoding. Observe differential parsing and request boundary confusion.
TE.CL Smuggling: Reverse scenario — front-end uses Transfer-Encoding, back-end uses Content-Length. Test with obfuscated TE headers.
TE.TE Smuggling: Both sides use Transfer-Encoding but one can be confused with header obfuscation (capitalization, whitespace, duplicate headers).
HTTP/2 Downgrade: Exploit H2-to-H1 translation at reverse proxies. Header injection via pseudo-headers, CRLF injection in H2 headers, request splitting through H2 CONTINUATION frames.
Cache Poisoning: Poison cached responses with attacker-controlled content. Test cache key vs cache content discrepancies. Verify with different client sessions.
Host Header Attacks: Host header injection, password reset poisoning, routing-based SSRF, web cache poisoning via ambiguous Host headers (WSTG-INPV-17).
Impact Validation: Demonstrate cache poisoning, credential theft, request hijacking, or security control bypass as PoC.

WSTG Coverage

WSTG ID	Test Name	Status
WSTG-INPV-15	HTTP Request Smuggling	✅
WSTG-INPV-17	Host Header Injection	✅

Tool Categories

Category	Tools	Purpose
Smuggling Detection	smuggler.py, HTTP Request Smuggler (Burp)	Automated CL.TE/TE.CL detection
HTTP/2 Testing	h2csmuggler, curl --http2, nghttp	H2 downgrade and desync attacks
Timing Attacks	Turbo Intruder	Microsecond-precision request timing
Raw Requests	Python sockets, netcat	Crafted malformed HTTP requests
Cache Analysis	curl, custom scripts	Cache behavior verification
Traffic Capture	Wireshark, tcpdump	Response boundary analysis

References

references/tools.md - Tool function signatures and parameters
references/workflows.md - Attack pattern definitions and test vectors

このリポジトリの他の Skills

同じリポジトリ

skill-creator

jd-opensource/JoySafeter

Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends an agent's capabilities with specialized knowledge, workflows, or tool integrations.

2026-03-26284

openclaw-security-checker

jd-opensource/JoySafeter

OpenClaw 安全检测工具，基于安全实践指南验证配置安全、权限隔离、网络策略、日志审计和运行时完整性

2026-03-13284

openclaw-threat-detect

jd-opensource/JoySafeter

OpenClaw 攻击模式检测工具，识别数据外传、反弹Shell、文件泄露、Prompt注入、供应链投毒等高危行为，支持 MITRE ATT&CK 映射

2026-03-13284

skill-security-auditor

jd-opensource/JoySafeter

OpenClaw Skills 全方位安全审计工具，检测供应链投毒、Prompt注入、恶意代码模式、权限越权和依赖风险

2026-03-13284

planning-with-files

jd-opensource/JoySafeter

Implements Manus-style file-based planning for complex tasks. Creates task_plan.md, findings.md, and progress.md. Use when starting complex multi-step tasks, research projects, or any task requiring >5 tool calls. Now with automatic session recovery after /clear.

2026-02-13284

pentest-ai-llm-security

jd-opensource/JoySafeter

AI/LLM application security testing — prompt injection, jailbreaking, data exfiltration, and insecure output handling per OWASP LLM Top 10.

2026-02-11284

Pentest HTTP Smuggling

Purpose

Prerequisites

Authorization Requirements

Written authorization with explicit scope for protocol-level testing

Infrastructure awareness — identify all reverse proxies, CDNs, load balancers in path

Rollback plan for cache poisoning tests (CDN purge access)

Emergency contacts for infrastructure team (smuggling can affect other users)

Environment Setup

Python 3.x with raw socket capability for crafted HTTP requests

Burp Suite Professional with HTTP Request Smuggler extension

curl compiled with HTTP/2 support (--http2-prior-knowledge)

Turbo Intruder for timing-sensitive attacks

Network capture tool (Wireshark/tcpdump) for response analysis

Core Workflow

Stack Fingerprinting: Identify reverse proxies (nginx, HAProxy, Cloudflare, AWS ALB), CDNs, load balancers. Determine HTTP version support (HTTP/1.1, HTTP/2) and parsing behavior.

CL.TE Smuggling: Craft requests where front-end uses Content-Length and back-end uses Transfer-Encoding. Observe differential parsing and request boundary confusion.

TE.CL Smuggling: Reverse scenario — front-end uses Transfer-Encoding, back-end uses Content-Length. Test with obfuscated TE headers.

TE.TE Smuggling: Both sides use Transfer-Encoding but one can be confused with header obfuscation (capitalization, whitespace, duplicate headers).

HTTP/2 Downgrade: Exploit H2-to-H1 translation at reverse proxies. Header injection via pseudo-headers, CRLF injection in H2 headers, request splitting through H2 CONTINUATION frames.

Cache Poisoning: Poison cached responses with attacker-controlled content. Test cache key vs cache content discrepancies. Verify with different client sessions.

Host Header Attacks: Host header injection, password reset poisoning, routing-based SSRF, web cache poisoning via ambiguous Host headers (WSTG-INPV-17).

Impact Validation: Demonstrate cache poisoning, credential theft, request hijacking, or security control bypass as PoC.

WSTG Coverage

WSTG ID

Test Name

Status

WSTG-INPV-15

HTTP Request Smuggling

✅

WSTG-INPV-17

Host Header Injection

✅

Tool Categories

name	pentest-http-smuggling
description	HTTP request smuggling, desync attacks, cache poisoning, and protocol-level vulnerability testing.