| skipped 143 lines |
144 | 144 | | 'suffix1_127', |
145 | 145 | | 'suffix1_160', |
146 | 146 | | 'suffix1_255', |
| 147 | + | |
| 148 | + | # https://twitter.com/mame82/status/1265903964568145921 |
| 149 | + | 'marcusmengs1', |
| 150 | + | 'marcusmengs2', |
147 | 151 | | ] |
148 | 152 | | # t_registered_method = [ |
149 | 153 | | # 'contentEnc', |
| skipped 2 lines |
152 | 156 | | class attackMethod: |
153 | 157 | | def update_content_length( self, msg, cl ): |
154 | 158 | | return msg.replace( 'Content-Length: 0', 'Content-Length: '+str(cl) ) |
| 159 | + | |
| 160 | + | def marcusmengs1( self, msg ): |
| 161 | + | msg = msg.replace( 'Transfer-Encoding', chr(1)+'Transfer_Encoding' ) |
| 162 | + | return msg |
| 163 | + | |
| 164 | + | def marcusmengs2( self, msg ): |
| 165 | + | msg = msg.replace( 'Transfer-Encoding', chr(15)+'Transfer_Encoding' ) |
| 166 | + | return msg |
155 | 167 | | |
156 | 168 | | def underjoin1( self, msg ): |
157 | 169 | | msg = msg.replace( 'Transfer-Encoding', 'Transfer_Encoding' ) |
| skipped 666 lines |