h2csmuggler

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing a bypass of p


sudo git clone https://github.com/BishopFox/h2csmuggler.git

#Run httprobe against targets, save output as urls.txt

sudo python3 h2csmuggler.py --scan-list urls.txt --threads 5

Previoushttp-request smuggler NextServer Side Request Forgery

Last updated 1 year ago