Support for Unstructured HTTP Headers #1857

Open
MindPatch opened this issue May 26, 2023 · 6 comments

@MindPatch

Greetings team,

I'm currently working on a project intended for security professionals, and I've come across a requirement where we need to send HTTP requests in an unstructured format. This functionality would allow users to construct requests similar to the following example:

GET / HTTP/1.1
  Host: hello.com
Host: attacker.com
HeaderWithoutValue

as host header injection (as described in this informative resource: Host Header Injection). Additionally, it can help detect if the application is running in Debug mode or enable the identification of potential issues related to HTTP request smuggling (as explained here: HTTP Request Smuggling).

For more detailed information and context, please refer to the following GitHub issue: BugBlocker/lotus #136.

@seanmonstar
Owner

It sounds like you want the ability to send headers that are incorrectly formatted on purpose, to probe servers, is that right? Part of hyper's goals is to strictly enforce things that would be illegal.
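
An added example, not part of the thread and not hyper's code: a small Rust check that flags the three anomalies in the request quoted in the opening comment (a line starting with whitespace, a second Host header, a line with no colon), the kind of input a strict parser refuses. The names `check_head`, `Finding` and `SAMPLE` are hypothetical, and the sample assumes CRLF line endings.

```rust
// Added example (not hyper's code). SAMPLE is the request quoted in this
// issue, re-typed with CRLF line endings (an assumption of this example).
const SAMPLE: &str =
    "GET / HTTP/1.1\r\n  Host: hello.com\r\nHost: attacker.com\r\nHeaderWithoutValue\r\n\r\n";

// Each finding carries the 1-based line number (the request line is line 1).
#[derive(Debug, PartialEq)]
enum Finding {
    LeadingWhitespace(usize),
    MissingColon(usize),
    DuplicateHost(usize),
}

fn check_head(raw: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    let mut host_seen = false;
    // Skip the request line; stop at the empty line that ends the head.
    for (i, line) in raw.split("\r\n").enumerate().skip(1) {
        if line.is_empty() {
            break;
        }
        let n = i + 1;
        if line.starts_with(' ') || line.starts_with('\t') {
            findings.push(Finding::LeadingWhitespace(n));
        }
        // A lenient parser may strip the whitespace and treat the line as a
        // header, so a whitespace-prefixed Host still counts toward the check.
        match line.trim_start().split_once(':') {
            None => findings.push(Finding::MissingColon(n)),
            Some((name, _)) => {
                if name.trim().eq_ignore_ascii_case("host") {
                    if host_seen {
                        findings.push(Finding::DuplicateHost(n));
                    }
                    host_seen = true;
                }
            }
        }
    }
    findings
}

fn main() {
    for finding in check_head(SAMPLE) {
        println!("{:?}", finding);
    }
}
```
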

@MindPatch
Author

Hello @seanmonstar,
I wanted to discuss the possibility of incorporating a feature in the Hyper project that would cater to the needs of security professionals within the DevOps lifecycle (like this one). Specifically, this feature would allow them to scan the application before deploying it.
But I understand that this may not align with Hyper's primary goals, and I respect that.

Before proceeding with forking the project, I would like to inquire whether it would be acceptable for us, as the Lotus team, to add this feature ourselves in the forked version.
Your input on this matter would be greatly appreciated.

Best regards
@knassar702

@seanmonstar
Owner

Well, so, there is some precedent that hyper allows enabling options for things that the specs now say "please don't ever do this, but legacy software may exist". So, in that sense, it could be acceptable. If you wanted to put together a design document outlining how to do this, and pitch it on the hyperium/hyper repo, we could consider it. I'm sympathetic to allowing hyper to be more flexible, as long as it's safe by default.

@cn-kali-team

https://github.com/emo-crab/slinger
A client specifically developed for security researchers

https://github.com/emo-crab/slinger/blob/main/examples/smuggling.rs

@MindPatch
Author

Good job @cn-kali-team 👏
thank you

@seanmonstar
Owner

Oh, I understand what you're looking for now. I think this PR would do it: hyperium/hyper#3417
