Detects request smuggling via HTTP/2 downgrades.

Related tags

HTTP Clientsh2rs
Overview

GitHub version GPL Licence Open Source Love

h2rs

Detects request smuggling via HTTP/2 downgrades.

Requirements

  • Python 3.x

Python Modules

  • base64
  • sys
  • socket
  • ssl
  • certifi
  • h2.connection
  • h2.events
  • argparse

Install

$ pip3 install h2rs

Usage

$ h2rs
 _   ___         
| |_|_  |___ ___ 
|   |  _|  _|_ -|
|_|_|___|_| |___|

version 0.0.1
Error: requires target parameter.
usage: h2rs [-h] [-t TARGET] [-p PORT] [-m TIMEOUT] [-u USER_AGENT]

Detects request smuggling via HTTP/2 downgrades.

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Target server hostname (eg. www.example.com).
  -p PORT, --port PORT  Server TCP port to connect over TLS (default 443).
  -m TIMEOUT, --timeout TIMEOUT
                        Set connection timeout for request smuggling test (default 5).
  -u USER_AGENT, --user_agent USER_AGENT
                        Set default User-Agent request header (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69
                        Safari/537.36").

Example

$ h2rs -t ac971f5e1e77d74fc0555ed900ed00eb.web-security-academy.net
 _   ___         
| |_|_  |___ ___ 
|   |  _|  _|_ -|
|_|_|___|_| |___|

version 0.0.1
Making a GET HTTP2 request to ac971f5e1e77d74fc0555ed900ed00eb.web-security-academy.net:443 ...
Got response status code 200.
Detecting H2.CL request smuggling ...
Not potencial vulnerable to H2.CL request smuggling.
Detecting H2.CL (CRLF) request smuggling ...
Not potencial vulnerable to H2.CL (CRLF) request smuggling.
Detecting H2.TE request smuggling ...
Not potencial vulnerable to H2.TE request smuggling.
Detecting H2.TE (CRLF) request smuggling ...
[!] Potencial vulnerable to H2.TE (CRLF) request smuggling.
Detecting HTTP/2 request tunnelling ...
Not potencial vulnerable to HTTP/2 request tunnelling.

Author

Owner
Ricardo Iramar dos Santos
Every time count is regressive.
Ricardo Iramar dos Santos
GitHub Repository
As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie

HTTPie: human-friendly CLI HTTP client for the API era HTTPie (pronounced aitch-tee-tee-pie) is a command-line HTTP client. Its goal is to make CLI in

HTTPie 25.4k Jan 01, 2023
An interactive command-line HTTP and API testing client built on top of HTTPie featuring autocomplete, syntax highlighting, and more. https://twitter.com/httpie

HTTP Prompt HTTP Prompt is an interactive command-line HTTP client featuring autocomplete and syntax highlighting, built on HTTPie and prompt_toolkit.

HTTPie 8.6k Dec 31, 2022
Some example code for using a raspberry pi to draw text (including emojis) and twitch emotes to a HUB75 RGB matrix via an HTTP post endpoint.

Some example code for using a raspberry pi to draw text (including emojis) and twitch emotes to a HUB75 RGB matrix via an HTTP post endpoint.

7 Nov 05, 2022
Aiosonic - lightweight Python asyncio http client

aiosonic - lightweight Python asyncio http client Very fast, lightweight Python asyncio http client Here is some documentation. There is a performance

Johanderson Mogollon 93 Jan 06, 2023
A next generation HTTP client for Python. 🦋

HTTPX - A next-generation HTTP client for Python. HTTPX is a fully featured HTTP client for Python 3, which provides sync and async APIs, and support

Encode 9.8k Jan 05, 2023
PycURL - Python interface to libcurl

PycURL -- A Python Interface To The cURL library PycURL is a Python interface to libcurl, the multiprotocol file transfer library. Similarly to the ur

PycURL 933 Jan 09, 2023
A toolbelt of useful classes and functions to be used with python-requests

The Requests Toolbelt This is just a collection of utilities for python-requests, but don't really belong in requests proper. The minimum tested reque

892 Jan 06, 2023
HTTP Request Smuggling Detection Tool

HTTP Request Smuggling Detection Tool HTTP request smuggling is a high severity vulnerability which is a technique where an attacker smuggles an ambig

Anshuman Pattnaik 282 Jan 03, 2023
Bot que responde automáticamente as perguntas do giga unitel

Gigabot+ Bot que responde automáticamente as perguntas do giga unitel LINK DOWNLOAD: Gigabot.exe O script pode apresentar alguns erros, pois não tive

Joaquim Roque 20 Jul 16, 2021
Single-file replacement for python-requests

mureq mureq is a single-file, zero-dependency replacement for python-requests, intended to be vendored in-tree by Linux systems software and other lig

Shivaram Lingamneni 267 Dec 28, 2022
Screaming-fast Python 3.5+ HTTP toolkit integrated with pipelining HTTP server based on uvloop and picohttpparser.

Screaming-fast Python 3.5+ HTTP toolkit integrated with pipelining HTTP server based on uvloop and picohttpparser.

Paweł Piotr Przeradowski 8.6k Jan 04, 2023
Detects request smuggling via HTTP/2 downgrades.

h2rs Detects request smuggling via HTTP/2 downgrades. Requirements Python 3.x Python Modules base64 sys socket ssl certifi h2.connection h2.events arg

Ricardo Iramar dos Santos 89 Dec 22, 2022
HTTP Request & Response Service, written in Python + Flask.

httpbin(1): HTTP Request & Response Service

Postman Inc. 11.3k Jan 01, 2023
Aiohttp simple project with Swagger and ccxt integration

crypto_finder What Where Documentation http://localhost:8899/docs Maintainer nordzisko Crypto Finder aiohttp application Application that connects to

Norbert Danisik 5 Feb 27, 2022
HTTP/2 for Python.

Hyper: HTTP/2 Client for Python This project is no longer maintained! Please use an alternative, such as HTTPX or others. We will not publish further

Hyper 1k Dec 23, 2022
💡Python package for HTTP/1.1 style headers. Parse headers to objects. Most advanced available structure for http headers.

HTTP Headers, the Complete Toolkit 🧰 Object-oriented headers. Kind of structured headers. ❓ Why No matter if you are currently dealing with code usin

TAHRI Ahmed R. 103 Dec 02, 2022
Python HTTP library with thread-safe connection pooling, file post support, user friendly, and more.

urllib3 is a powerful, user-friendly HTTP client for Python. Much of the Python ecosystem already uses urllib3 and you should too. urllib3 brings many

urllib3 3.2k Dec 29, 2022
Python package for caching HTTP response based on etag

Etag cache implementation for HTTP requests, to save request bandwidth for a non-modified response. Returns high-speed accessed dictionary data as cache.

Rakesh R 2 Apr 27, 2022
Python requests like API built on top of Twisted's HTTP client.

treq: High-level Twisted HTTP Client API treq is an HTTP library inspired by requests but written on top of Twisted's Agents. It provides a simple, hi

Twisted Matrix Labs 553 Dec 18, 2022
Asynchronous HTTP client/server framework for asyncio and Python

Async http client/server framework Key Features Supports both client and server side of HTTP protocol. Supports both client and server Web-Sockets out

aio-libs 13.1k Jan 01, 2023