Offensive Sec Blog

Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

Sunday, February 18, 2024

CLZero - A Project For Fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors

           , , ,       No comments    


A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors.

About

Thank you to @albinowax, @defparam and @d3d else this tool would not exist. Inspired by the tool Smuggler all attack gadgets adapted from Smuggler and https://portswigger.net/research/how-to-turn-security-research-into-profit

For more info see: https://moopinger.github.io/blog/fuzzing/clzero/tools/request/smuggling/2023/11/15/Fuzzing-With-CLZero.html


Usage

usage: clzero.py [-h] [-url URL] [-file FILE] [-index INDEX] [-verbose] [-no-color] [-resume] [-skipread] [-quiet] [-lb] [-config CONFIG] [-method METHOD]

CLZero by Moopinger

optional arguments:
  -h, --help      show this help message and exit
  -url URL        (-u), Single target URL.
  -file FILE      (-f), Files containing multiple targets.
  -index INDEX    (-i), Index start point when using a file list. Default is first line.
  -verbose        (-v), Enable verbose output.
  -no-color       Disable colors in HTTP Status
  -resume         Resume scan from last index place.
  -skipread       Skip the read response on smuggle requests, recommended. This will save a lot of time between requests. Ideal for targets with standard HTTP traffic.
  -quiet          (-q), Disable output. Only successful payloads will be written to ./payloads/
  -lb             Last byte sync method for least request latency. Due to th   e nature of the request, it cannot guarantee that the smuggle request will be processed first. Ideal for targets with a high
                  amount of traffic, and you do not mind sending multiple requests.
  -config CONFIG  (-c) Config file to load, see ./configs/ to create custom payloads
  -method METHOD  (-m) Method to use when sending the smuggle request. Default: POST

single target attack:

  • python3 clzero.py -u https://www.target.com/ -c configs/default.py -skipread

  • python3 clzero.py -u https://www.target.com/ -c configs/default.py -lb

Multi target attack:

  • python3 clzero.py -l urls.txt -c configs/default.py -skipread

  • python3 clzero.py -l urls.txt -c configs/default.py -lb

Install

git clone https://github.com/Moopinger/CLZero.git
cd CLZero
pip3 install -r requirements.txt


Share:

0 comentários:

Post a Comment

Note: Only a member of this blog may post a comment.

Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition