This repository contains a Python-based tool to detect HTTP Request Smuggling vulnerabilities, specifically targeting CVE-2024-40725. The tool attempts to exploit this vulnerability in Apache HTTP Server by sending crafted HTTP requests and analyzing the server's responses. The primary goal is to identify discrepancies in status codes or access behavior, such as bypassing restrictions on specific paths.
- Detect HTTP Request Smuggling vulnerabilities.
- Supports single URL testing and batch testing using a list of URLs.
- Allows custom wordlists for testing various endpoint paths.
- Stores output results in a log file for further analysis.
- Identifies cases where status codes differ before and after smuggling attempts (e.g.,
403→200).
- Python 3.7+
requestslibrary
Install the required library using pip:
pip install requestsRun the tool for a single URL:
python detect_http_smuggling.py -u https://example.com -w wordlist.txt -o output.logTest multiple URLs from a file:
python detect_http_smuggling.py -l urls.txt -w wordlist.txt -o output.log| Parameter | Description |
|---|---|
-u |
Target URL for testing |
-l |
File containing a list of target URLs |
-w |
Custom wordlist for endpoint fuzzing |
-o |
Output file for saving results |
Target: https://example.com
Status Change Detected:
/admin 403 ---> /admin 200
Target: https://anotherexample.com
No vulnerability was detected.
This tool was inspired by the work found in the following repository:
This tool is intended for educational purposes and authorized security testing only. Unauthorized use of this tool against systems you do not own or have explicit permission to test is illegal and unethical. Use responsibly.