Projects STRLCPY pentest-tools Commits f76feb5d
🤬
  • ■ ■ ■ ■ ■ ■
    smuggler.py
    skipped 143 lines
    144 144   'suffix1_127',
    145 145   'suffix1_160',
    146 146   'suffix1_255',
     147 + 
     148 + # https://twitter.com/mame82/status/1265903964568145921
     149 + 'marcusmengs1',
     150 + 'marcusmengs2',
    147 151  ]
    148 152  # t_registered_method = [
    149 153  # 'contentEnc',
    skipped 2 lines
    152 156  class attackMethod:
    153 157   def update_content_length( self, msg, cl ):
    154 158   return msg.replace( 'Content-Length: 0', 'Content-Length: '+str(cl) )
     159 + 
     160 + def marcusmengs1( self, msg ):
     161 + msg = msg.replace( 'Transfer-Encoding', chr(1)+'Transfer_Encoding' )
     162 + return msg
     163 + 
     164 + def marcusmengs2( self, msg ):
     165 + msg = msg.replace( 'Transfer-Encoding', chr(15)+'Transfer_Encoding' )
     166 + return msg
    155 167   
    156 168   def underjoin1( self, msg ):
    157 169   msg = msg.replace( 'Transfer-Encoding', 'Transfer_Encoding' )
    skipped 666 lines
Please wait...
Page is in error, reload to recover