Comments (6)
Also, sorry if bad English
from smuggler.
Why there is no answer ?
Did you know shelld3v how to use it?
from smuggler.
I don't know :) But I think I am going to close this thing now since there is no answer. Gonna learn other stuff, hate Request smuggling with this bad response :)
from smuggler.
Hey thanks for being patient,
This tool isn't an exploitation tool it is a recon tool. It simply finds problematic HTTP requests that should be looked into further. It doesn't stage or teach how to stage any desync attacks. It provides you with the payload of the HTTP request that is problematic and you are expected to know how to exploit using Turbo Intruder and other tools.
My intention with this project is not to teach the exploitation of desync attacks, it is just to search for them. However if you want to take the payload and use it for exploitation you have to know how to read the payload file using python in the Turbo Intruder script and issue the attack with the request. This information is out of scope for this project so am not covering it here.
from smuggler.
OK, @defparam! Is there no other option except quiet and don't care about this issue? Very well, then I will close this soon.
Thanks for letting me know:)
from smuggler.
To be clear, the point of this tool isn’t to actively exploit hosts. It’s to find potential issues and give you the payload which caused it. It’s not this project’s concern that you don’t know what to do with the payloads it produces and it’s not my mission to teach you how to use turbo intruder.
from smuggler.
Related Issues (17)
- [Bug] Encoding Problem: \xA0 will be encoded into \xc2\xa0 HOT 1
- False positive? HOT 5
- Enhance or Release request. HOT 1
- [Portswigger Lab] Bug instance not recognized HOT 1
- Cookies in HTTP request HOT 1
- Terminal is left in magenta after smuggler finishes
- Enhancement HOT 1
- False positive? HOT 2
- its giving socket error how to solve it HOT 3
- Doesn't find Webrick CVE
- smuggler missed a vulnerable host HOT 1
- Error
- cant detect HTTP request smuggling, obfuscating the TE header
- Want to catch the requests in burp HOT 2
- Error: Cannot find config file HOT 5
- Adding Concurrency HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from smuggler.