Detects request smuggling via HTTP/2 downgrades.

Related tags

HTTP Clientsh2rs
Overview

GitHub version GPL Licence Open Source Love

h2rs

Detects request smuggling via HTTP/2 downgrades.

Requirements

  • Python 3.x

Python Modules

  • base64
  • sys
  • socket
  • ssl
  • certifi
  • h2.connection
  • h2.events
  • argparse

Install

$ pip3 install h2rs

Usage

$ h2rs
 _   ___         
| |_|_  |___ ___ 
|   |  _|  _|_ -|
|_|_|___|_| |___|

version 0.0.1
Error: requires target parameter.
usage: h2rs [-h] [-t TARGET] [-p PORT] [-m TIMEOUT] [-u USER_AGENT]

Detects request smuggling via HTTP/2 downgrades.

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Target server hostname (eg. www.example.com).
  -p PORT, --port PORT  Server TCP port to connect over TLS (default 443).
  -m TIMEOUT, --timeout TIMEOUT
                        Set connection timeout for request smuggling test (default 5).
  -u USER_AGENT, --user_agent USER_AGENT
                        Set default User-Agent request header (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69
                        Safari/537.36").

Example

$ h2rs -t ac971f5e1e77d74fc0555ed900ed00eb.web-security-academy.net
 _   ___         
| |_|_  |___ ___ 
|   |  _|  _|_ -|
|_|_|___|_| |___|

version 0.0.1
Making a GET HTTP2 request to ac971f5e1e77d74fc0555ed900ed00eb.web-security-academy.net:443 ...
Got response status code 200.
Detecting H2.CL request smuggling ...
Not potencial vulnerable to H2.CL request smuggling.
Detecting H2.CL (CRLF) request smuggling ...
Not potencial vulnerable to H2.CL (CRLF) request smuggling.
Detecting H2.TE request smuggling ...
Not potencial vulnerable to H2.TE request smuggling.
Detecting H2.TE (CRLF) request smuggling ...
[!] Potencial vulnerable to H2.TE (CRLF) request smuggling.
Detecting HTTP/2 request tunnelling ...
Not potencial vulnerable to HTTP/2 request tunnelling.

Author

Owner
Ricardo Iramar dos Santos
Every time count is regressive.
Ricardo Iramar dos Santos
GitHub Repository
Script to automate PUT HTTP method exploitation to get shell.

Script to automate PUT HTTP method exploitation to get shell.

devploit 116 Nov 10, 2022
🔄 🌐 Handle thousands of HTTP requests, disk writes, and other I/O-bound tasks simultaneously with Python's quintessential async libraries.

🔄 🌐 Handle thousands of HTTP requests, disk writes, and other I/O-bound tasks simultaneously with Python's quintessential async libraries.

Hackers and Slackers 15 Dec 12, 2022
Asynchronous HTTP client/server framework for asyncio and Python

Async http client/server framework Key Features Supports both client and server side of HTTP protocol. Supports both client and server Web-Sockets out

aio-libs 13.1k Jan 01, 2023
r - a small subset of Python Requests

r a small subset of Python Requests a few years ago, when I was first learning Python and looking for http functionality, i found the batteries-includ

Gabriel Sroka 4 Dec 15, 2022
suite de mocks http em json

Ritchie Formula Repo Documentation Contribute to the Ritchie community This repository contains rit formulas which can be executed by the ritchie-cli.

Kaio Fábio Prates Prudêncio 1 Nov 01, 2021
A modern/fast python SOAP client based on lxml / requests

Zeep: Python SOAP client A fast and modern Python SOAP client Highlights: Compatible with Python 3.6, 3.7, 3.8 and PyPy Build on top of lxml and reque

Michael van Tellingen 1.7k Jan 01, 2023
Aiosonic - lightweight Python asyncio http client

aiosonic - lightweight Python asyncio http client Very fast, lightweight Python asyncio http client Here is some documentation. There is a performance

Johanderson Mogollon 93 Jan 06, 2023
Asynchronous Python HTTP Requests for Humans using Futures

Asynchronous Python HTTP Requests for Humans Small add-on for the python requests http library. Makes use of python 3.2's concurrent.futures or the ba

Ross McFarland 2k Dec 30, 2022
Small, fast HTTP client library for Python. Features persistent connections, cache, and Google App Engine support. Originally written by Joe Gregorio, now supported by community.

Introduction httplib2 is a comprehensive HTTP client library, httplib2.py supports many features left out of other HTTP libraries. HTTP and HTTPS HTTP

457 Dec 10, 2022
Single-file replacement for python-requests

mureq mureq is a single-file, zero-dependency replacement for python-requests, intended to be vendored in-tree by Linux systems software and other lig

Shivaram Lingamneni 267 Dec 28, 2022
HTTP/2 for Python.

Hyper: HTTP/2 Client for Python This project is no longer maintained! Please use an alternative, such as HTTPX or others. We will not publish further

Hyper 1k Dec 23, 2022
HTTP Request Smuggling Detection Tool

HTTP Request Smuggling Detection Tool HTTP request smuggling is a high severity vulnerability which is a technique where an attacker smuggles an ambig

Anshuman Pattnaik 282 Jan 03, 2023
Python package for caching HTTP response based on etag

Etag cache implementation for HTTP requests, to save request bandwidth for a non-modified response. Returns high-speed accessed dictionary data as cache.

Rakesh R 2 Apr 27, 2022
Screaming-fast Python 3.5+ HTTP toolkit integrated with pipelining HTTP server based on uvloop and picohttpparser.

Screaming-fast Python 3.5+ HTTP toolkit integrated with pipelining HTTP server based on uvloop and picohttpparser.

Paweł Piotr Przeradowski 8.6k Jan 04, 2023
HackerNews digest using GitHub actions

HackerNews Digest This script makes use of GitHub actions to send daily newsletters with the top 10 posts from HackerNews of the previous day. How to

Rajkumar S 3 Jan 19, 2022
A simple, yet elegant HTTP library.

Requests Requests is a simple, yet elegant HTTP library. import requests r = requests.get('https://api.github.com/user', auth=('user', 'pass')

Python Software Foundation 48.8k Jan 05, 2023
PycURL - Python interface to libcurl

PycURL -- A Python Interface To The cURL library PycURL is a Python interface to libcurl, the multiprotocol file transfer library. Similarly to the ur

PycURL 933 Jan 09, 2023
Bot que responde automáticamente as perguntas do giga unitel

Gigabot+ Bot que responde automáticamente as perguntas do giga unitel LINK DOWNLOAD: Gigabot.exe O script pode apresentar alguns erros, pois não tive

Joaquim Roque 20 Jul 16, 2021
A toolbelt of useful classes and functions to be used with python-requests

The Requests Toolbelt This is just a collection of utilities for python-requests, but don't really belong in requests proper. The minimum tested reque

892 Jan 06, 2023
Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once

pathprober Probe and discover HTTP pathname using brute-force methodology and filtered by specific word or 2 words at once. Purpose Brute-forcing webs

NFA 41 Jul 06, 2022