pentest-http-smuggling
HTTP request smuggling, desync attacks, cache poisoning, and protocol-level vulnerability testing.
| name | pentest-http-smuggling |
| description | HTTP request smuggling, desync attacks, cache poisoning, and protocol-level vulnerability testing. |
Detect and exploit discrepancies between how front-end proxies and back-end servers parse HTTP requests. These attacks bypass security controls, poison caches, and hijack requests, and standard taint analysis pipelines do not cover them at all.
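
An added example, not part of the original skill: a receiving-side check for the ambiguous request framing that lets a front-end and a back-end disagree about where a request ends. The function name `audit_framing`, the finding labels and the sample requests are constructed for illustration; the rules applied are the framing requirements of RFC 9112.

```python
import re

OWS = b" \t"  # optional whitespace permitted around field values (RFC 9112)

def audit_framing(raw: bytes) -> list[str]:
    """Return framing findings for the header section of one raw HTTP/1.1 request."""
    findings = []
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    if b"\n" in head.replace(b"\r\n", b""):
        findings.append("bare-lf-line-ending")
    lengths, codings = [], []
    for line in re.split(rb"\r?\n", head)[1:]:  # [1:] skips the request line
        if line[:1] in (b" ", b"\t"):
            findings.append("obsolete-line-folding")
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append("header-without-colon")
            continue
        if name != name.strip():  # e.g. "Transfer-Encoding : chunked"
            findings.append("whitespace-around-field-name")
        key = name.strip().lower()
        if key == b"content-length":
            lengths.append(value.strip(OWS))
        elif key == b"transfer-encoding":
            codings += [c.strip(OWS).lower() for c in value.split(b",")]
    if lengths and codings:  # the two length sources compete
        findings.append("content-length-with-transfer-encoding")
    if len(set(lengths)) > 1:
        findings.append("conflicting-content-length")
    if any(not v.isdigit() for v in lengths):
        findings.append("non-numeric-content-length")
    if codings and codings[-1] != b"chunked":  # chunked must be the final coding
        findings.append("final-coding-not-chunked")
    return findings

# Constructed sample requests (not captured traffic).
BASE = b"POST /submit HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n"
SAMPLES = {
    "clean": BASE + b"\r\nhello",
    "cl_and_te": BASE + b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "odd_te": BASE + b"Transfer-Encoding : xchunked\r\n\r\nhello",
    "two_cl": BASE + b"Content-Length: 11\r\n\r\nhello",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, audit_framing(request))
```

A request with any finding is one that two parsers in a chain can frame differently, so rejecting it at the edge (or normalizing it before forwarding) removes the discrepancy.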
--http2-prior-knowledge)

| WSTG ID | Test Name | Status |
|---|---|---|
| WSTG-INPV-15 | HTTP Request Smuggling | ✅ |
| WSTG-INPV-17 | Host Header Injection | ✅ |
| Category | Tools | Purpose |
|---|---|---|
| Smuggling Detection | smuggler.py, HTTP Request Smuggler (Burp) | Automated CL.TE/TE.CL detection |
| HTTP/2 Testing | h2csmuggler, curl --http2, nghttp | H2 downgrade and desync attacks |
| Timing Attacks | Turbo Intruder | Microsecond-precision request timing |
| Raw Requests | Python sockets, netcat | Crafted malformed HTTP requests |
| Cache Analysis | curl, custom scripts | Cache behavior verification |
| Traffic Capture | Wireshark, tcpdump | Response boundary analysis |
- references/tools.md - Tool function signatures and parameters
- references/workflows.md - Attack pattern definitions and test vectors