├── 01_http1_clte ├── README.md ├── docker-compose.yml ├── docker │ ├── ats7 │ │ ├── Dockerfile │ │ └── remap.config │ ├── nginx │ │ ├── Dockerfile │ │ └── nginx.conf │ └── php │ │ ├── Dockerfile │ │ └── php-fpm.conf └── public │ ├── _footer.php │ ├── _header.php │ ├── contact.php │ ├── css │ └── style.css │ ├── favicon.ico │ ├── index.php │ ├── post.php │ └── secret │ └── index.php ├── 02_http2_cl ├── Dockerfile-armeria ├── README.md ├── armeria │ └── vulnerable-armeria-all.jar ├── docker-compose.yml ├── exploit_http2_hrs.py ├── webmain │ └── index.php └── webstatic │ ├── .htaccess │ ├── documents │ └── flag.txt │ └── static │ ├── blockchain.jpg │ ├── diagram_full_size.png │ └── style.css ├── 03_websocket ├── Dockerfile-backend ├── boot-websocket │ ├── .classpath │ ├── .gitignore │ ├── pom.xml │ ├── spring-boot-test-websocket-1.0-SNAPSHOT.jar │ └── src │ │ └── main │ │ ├── java │ │ └── net │ │ │ └── gosecure │ │ │ └── websocket │ │ │ └── config │ │ │ ├── Application.java │ │ │ ├── HealthCheckController.java │ │ │ ├── SocketTextHandler.java │ │ │ └── WebSocketConfig.java │ │ └── resources │ │ ├── application.properties │ │ └── static │ │ ├── app.js │ │ ├── bootstrap.min.css │ │ ├── index.html │ │ ├── jquery-1.10.2.min.js │ │ ├── style.css │ │ └── technical-support.jpg ├── configs │ ├── cert.pem │ ├── default.conf │ ├── generate-certificates.sh │ ├── haproxy.cfg │ ├── haproxy.pem │ ├── key.pem │ └── nuster.cfg ├── docker-compose.yml ├── exploit.py └── src │ ├── index.htm │ └── main.py ├── 03_websocket_statuscode_helper ├── docker-compose.yml └── html │ └── index.php ├── 04_http2_cleartext ├── .gitignore ├── LICENSE ├── README.md ├── backend.Dockerfile ├── configs │ ├── generate-certificates.sh │ ├── haproxy.cfg │ ├── nginx.conf │ └── nuster.cfg ├── deb │ └── ubuntu-focal-libnginx-mod-http-naxsi_1.3_amd64.deb ├── docker-compose.yml ├── extensions │ ├── BurpExtension │ │ └── h2cSmugglingCheck.py │ └── nuclei-template │ │ ├── h2csmuggle-nuclei.yaml │ │ └── h2csmuggle-upgrade-only-nuclei.yaml ├── h2c.README.md ├── h2csmuggler.py ├── media │ ├── diagram.png │ ├── fail.png │ ├── success.png │ └── test.png ├── mysql_init.sql ├── naxsi.Dockerfile ├── nginx │ ├── naxsi-errors │ │ └── 50x.html │ ├── naxsi_core.rules │ ├── nginx.conf │ └── sites-available │ │ └── default └── src │ ├── admin.htm │ ├── get_deps.txt │ ├── go.mod.txt │ ├── index.htm │ ├── main.go │ ├── movie.htm │ └── static │ ├── border1.png │ ├── cover │ ├── tt0145487.jpg │ ├── tt0234215.jpg │ ├── tt0468569.jpg │ ├── tt1104001.jpg │ ├── tt1375666.jpg │ └── tt202111.jpg │ └── style.css ├── README.md └── codelabs ├── .gitignore ├── README.md ├── assets ├── cache_poisoning.png ├── clcl_first.png ├── clcl_last.png ├── h2c_sequence_diagram.png ├── hrs_workshop.png ├── http_tunneling - Copy.png ├── http_tunneling.png ├── infrastructure.png ├── naxsi.png ├── websocket_sequence_diagram.png └── workshops │ ├── binanalysis.png │ ├── binanalysis_small.png │ ├── template.png │ ├── template_small.png │ ├── xxe.png │ └── xxe_small.png └── index.md /01_http1_clte/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/README.md -------------------------------------------------------------------------------- /01_http1_clte/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/docker-compose.yml -------------------------------------------------------------------------------- /01_http1_clte/docker/ats7/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/docker/ats7/Dockerfile -------------------------------------------------------------------------------- /01_http1_clte/docker/ats7/remap.config: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/docker/ats7/remap.config -------------------------------------------------------------------------------- /01_http1_clte/docker/nginx/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/docker/nginx/Dockerfile -------------------------------------------------------------------------------- /01_http1_clte/docker/nginx/nginx.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/docker/nginx/nginx.conf -------------------------------------------------------------------------------- /01_http1_clte/docker/php/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/docker/php/Dockerfile -------------------------------------------------------------------------------- /01_http1_clte/docker/php/php-fpm.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/docker/php/php-fpm.conf -------------------------------------------------------------------------------- /01_http1_clte/public/_footer.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/public/_footer.php -------------------------------------------------------------------------------- /01_http1_clte/public/_header.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/public/_header.php -------------------------------------------------------------------------------- /01_http1_clte/public/contact.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/public/contact.php -------------------------------------------------------------------------------- /01_http1_clte/public/css/style.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/public/css/style.css -------------------------------------------------------------------------------- /01_http1_clte/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/public/favicon.ico -------------------------------------------------------------------------------- /01_http1_clte/public/index.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/public/index.php -------------------------------------------------------------------------------- /01_http1_clte/public/post.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/01_http1_clte/public/post.php -------------------------------------------------------------------------------- /01_http1_clte/public/secret/index.php: -------------------------------------------------------------------------------- 1 | SECRET-1234 -------------------------------------------------------------------------------- /02_http2_cl/Dockerfile-armeria: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/02_http2_cl/Dockerfile-armeria -------------------------------------------------------------------------------- /02_http2_cl/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/02_http2_cl/README.md -------------------------------------------------------------------------------- /02_http2_cl/armeria/vulnerable-armeria-all.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/02_http2_cl/armeria/vulnerable-armeria-all.jar -------------------------------------------------------------------------------- /02_http2_cl/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/02_http2_cl/docker-compose.yml -------------------------------------------------------------------------------- /02_http2_cl/exploit_http2_hrs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/02_http2_cl/exploit_http2_hrs.py -------------------------------------------------------------------------------- /02_http2_cl/webmain/index.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/02_http2_cl/webmain/index.php -------------------------------------------------------------------------------- /02_http2_cl/webstatic/.htaccess: -------------------------------------------------------------------------------- 1 | Options +Indexes -------------------------------------------------------------------------------- /02_http2_cl/webstatic/documents/flag.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/02_http2_cl/webstatic/documents/flag.txt -------------------------------------------------------------------------------- /02_http2_cl/webstatic/static/blockchain.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/02_http2_cl/webstatic/static/blockchain.jpg -------------------------------------------------------------------------------- /02_http2_cl/webstatic/static/diagram_full_size.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/02_http2_cl/webstatic/static/diagram_full_size.png -------------------------------------------------------------------------------- /02_http2_cl/webstatic/static/style.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/02_http2_cl/webstatic/static/style.css -------------------------------------------------------------------------------- /03_websocket/Dockerfile-backend: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/Dockerfile-backend -------------------------------------------------------------------------------- /03_websocket/boot-websocket/.classpath: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/.classpath -------------------------------------------------------------------------------- /03_websocket/boot-websocket/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/.gitignore -------------------------------------------------------------------------------- /03_websocket/boot-websocket/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/pom.xml -------------------------------------------------------------------------------- /03_websocket/boot-websocket/spring-boot-test-websocket-1.0-SNAPSHOT.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/spring-boot-test-websocket-1.0-SNAPSHOT.jar -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/java/net/gosecure/websocket/config/Application.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/src/main/java/net/gosecure/websocket/config/Application.java -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/java/net/gosecure/websocket/config/HealthCheckController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/src/main/java/net/gosecure/websocket/config/HealthCheckController.java -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/java/net/gosecure/websocket/config/SocketTextHandler.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/src/main/java/net/gosecure/websocket/config/SocketTextHandler.java -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/java/net/gosecure/websocket/config/WebSocketConfig.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/src/main/java/net/gosecure/websocket/config/WebSocketConfig.java -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | server.port=8081 -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/resources/static/app.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/src/main/resources/static/app.js -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/resources/static/bootstrap.min.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/src/main/resources/static/bootstrap.min.css -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/resources/static/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/src/main/resources/static/index.html -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/resources/static/jquery-1.10.2.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/src/main/resources/static/jquery-1.10.2.min.js -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/resources/static/style.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/src/main/resources/static/style.css -------------------------------------------------------------------------------- /03_websocket/boot-websocket/src/main/resources/static/technical-support.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/boot-websocket/src/main/resources/static/technical-support.jpg -------------------------------------------------------------------------------- /03_websocket/configs/cert.pem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/configs/cert.pem -------------------------------------------------------------------------------- /03_websocket/configs/default.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/configs/default.conf -------------------------------------------------------------------------------- /03_websocket/configs/generate-certificates.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/configs/generate-certificates.sh -------------------------------------------------------------------------------- /03_websocket/configs/haproxy.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/configs/haproxy.cfg -------------------------------------------------------------------------------- /03_websocket/configs/haproxy.pem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/configs/haproxy.pem -------------------------------------------------------------------------------- /03_websocket/configs/key.pem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/configs/key.pem -------------------------------------------------------------------------------- /03_websocket/configs/nuster.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/configs/nuster.cfg -------------------------------------------------------------------------------- /03_websocket/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/docker-compose.yml -------------------------------------------------------------------------------- /03_websocket/exploit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/exploit.py -------------------------------------------------------------------------------- /03_websocket/src/index.htm: -------------------------------------------------------------------------------- 1 |

Hello World!

2 | -------------------------------------------------------------------------------- /03_websocket/src/main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket/src/main.py -------------------------------------------------------------------------------- /03_websocket_statuscode_helper/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/03_websocket_statuscode_helper/docker-compose.yml -------------------------------------------------------------------------------- /03_websocket_statuscode_helper/html/index.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /04_http2_cleartext/.gitignore: -------------------------------------------------------------------------------- 1 | *.sw* 2 | *.pem 3 | -------------------------------------------------------------------------------- /04_http2_cleartext/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/LICENSE -------------------------------------------------------------------------------- /04_http2_cleartext/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/README.md -------------------------------------------------------------------------------- /04_http2_cleartext/backend.Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/backend.Dockerfile -------------------------------------------------------------------------------- /04_http2_cleartext/configs/generate-certificates.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/configs/generate-certificates.sh -------------------------------------------------------------------------------- /04_http2_cleartext/configs/haproxy.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/configs/haproxy.cfg -------------------------------------------------------------------------------- /04_http2_cleartext/configs/nginx.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/configs/nginx.conf -------------------------------------------------------------------------------- /04_http2_cleartext/configs/nuster.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/configs/nuster.cfg -------------------------------------------------------------------------------- /04_http2_cleartext/deb/ubuntu-focal-libnginx-mod-http-naxsi_1.3_amd64.deb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/deb/ubuntu-focal-libnginx-mod-http-naxsi_1.3_amd64.deb -------------------------------------------------------------------------------- /04_http2_cleartext/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/docker-compose.yml -------------------------------------------------------------------------------- /04_http2_cleartext/extensions/BurpExtension/h2cSmugglingCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/extensions/BurpExtension/h2cSmugglingCheck.py -------------------------------------------------------------------------------- /04_http2_cleartext/extensions/nuclei-template/h2csmuggle-nuclei.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/extensions/nuclei-template/h2csmuggle-nuclei.yaml -------------------------------------------------------------------------------- /04_http2_cleartext/extensions/nuclei-template/h2csmuggle-upgrade-only-nuclei.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/extensions/nuclei-template/h2csmuggle-upgrade-only-nuclei.yaml -------------------------------------------------------------------------------- /04_http2_cleartext/h2c.README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/h2c.README.md -------------------------------------------------------------------------------- /04_http2_cleartext/h2csmuggler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/h2csmuggler.py -------------------------------------------------------------------------------- /04_http2_cleartext/media/diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/media/diagram.png -------------------------------------------------------------------------------- /04_http2_cleartext/media/fail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/media/fail.png -------------------------------------------------------------------------------- /04_http2_cleartext/media/success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/media/success.png -------------------------------------------------------------------------------- /04_http2_cleartext/media/test.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/media/test.png -------------------------------------------------------------------------------- /04_http2_cleartext/mysql_init.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/mysql_init.sql -------------------------------------------------------------------------------- /04_http2_cleartext/naxsi.Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/naxsi.Dockerfile -------------------------------------------------------------------------------- /04_http2_cleartext/nginx/naxsi-errors/50x.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/nginx/naxsi-errors/50x.html -------------------------------------------------------------------------------- /04_http2_cleartext/nginx/naxsi_core.rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/nginx/naxsi_core.rules -------------------------------------------------------------------------------- /04_http2_cleartext/nginx/nginx.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/nginx/nginx.conf -------------------------------------------------------------------------------- /04_http2_cleartext/nginx/sites-available/default: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/nginx/sites-available/default -------------------------------------------------------------------------------- /04_http2_cleartext/src/admin.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/admin.htm -------------------------------------------------------------------------------- /04_http2_cleartext/src/get_deps.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/get_deps.txt -------------------------------------------------------------------------------- /04_http2_cleartext/src/go.mod.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/go.mod.txt -------------------------------------------------------------------------------- /04_http2_cleartext/src/index.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/index.htm -------------------------------------------------------------------------------- /04_http2_cleartext/src/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/main.go -------------------------------------------------------------------------------- /04_http2_cleartext/src/movie.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/movie.htm -------------------------------------------------------------------------------- /04_http2_cleartext/src/static/border1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/static/border1.png -------------------------------------------------------------------------------- /04_http2_cleartext/src/static/cover/tt0145487.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/static/cover/tt0145487.jpg -------------------------------------------------------------------------------- /04_http2_cleartext/src/static/cover/tt0234215.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/static/cover/tt0234215.jpg -------------------------------------------------------------------------------- /04_http2_cleartext/src/static/cover/tt0468569.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/static/cover/tt0468569.jpg -------------------------------------------------------------------------------- /04_http2_cleartext/src/static/cover/tt1104001.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/static/cover/tt1104001.jpg -------------------------------------------------------------------------------- /04_http2_cleartext/src/static/cover/tt1375666.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/static/cover/tt1375666.jpg -------------------------------------------------------------------------------- /04_http2_cleartext/src/static/cover/tt202111.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/static/cover/tt202111.jpg -------------------------------------------------------------------------------- /04_http2_cleartext/src/static/style.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/04_http2_cleartext/src/static/style.css -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/README.md -------------------------------------------------------------------------------- /codelabs/.gitignore: -------------------------------------------------------------------------------- 1 | request-smuggling-workshop -------------------------------------------------------------------------------- /codelabs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/README.md -------------------------------------------------------------------------------- /codelabs/assets/cache_poisoning.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/cache_poisoning.png -------------------------------------------------------------------------------- /codelabs/assets/clcl_first.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/clcl_first.png -------------------------------------------------------------------------------- /codelabs/assets/clcl_last.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/clcl_last.png -------------------------------------------------------------------------------- /codelabs/assets/h2c_sequence_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/h2c_sequence_diagram.png -------------------------------------------------------------------------------- /codelabs/assets/hrs_workshop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/hrs_workshop.png -------------------------------------------------------------------------------- /codelabs/assets/http_tunneling - Copy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/http_tunneling - Copy.png -------------------------------------------------------------------------------- /codelabs/assets/http_tunneling.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/http_tunneling.png -------------------------------------------------------------------------------- /codelabs/assets/infrastructure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/infrastructure.png -------------------------------------------------------------------------------- /codelabs/assets/naxsi.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/naxsi.png -------------------------------------------------------------------------------- /codelabs/assets/websocket_sequence_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/websocket_sequence_diagram.png -------------------------------------------------------------------------------- /codelabs/assets/workshops/binanalysis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/workshops/binanalysis.png -------------------------------------------------------------------------------- /codelabs/assets/workshops/binanalysis_small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/workshops/binanalysis_small.png -------------------------------------------------------------------------------- /codelabs/assets/workshops/template.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/workshops/template.png -------------------------------------------------------------------------------- /codelabs/assets/workshops/template_small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/workshops/template_small.png -------------------------------------------------------------------------------- /codelabs/assets/workshops/xxe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/workshops/xxe.png -------------------------------------------------------------------------------- /codelabs/assets/workshops/xxe_small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/assets/workshops/xxe_small.png -------------------------------------------------------------------------------- /codelabs/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/request-smuggling-workshop/HEAD/codelabs/index.md --------------------------------------------------------------------------------