## https://sploitus.com/exploit?id=E606D7F4-5FA2-5907-B30E-367D6FFECD89
# HTTP Request Smuggling Detection Tool

This repository contains a Python-based tool to detect HTTP Request Smuggling vulnerabilities, specifically targeting `CVE-2024-40725`. The tool attempts to exploit this vulnerability in Apache HTTP Server by sending crafted HTTP requests and analyzing the server's responses. The primary goal is to identify discrepancies in status codes or access behavior, such as bypassing restrictions on specific paths.

## Features

- Detect HTTP Request Smuggling vulnerabilities.
- Supports single URL testing and batch testing using a list of URLs.
- Allows custom wordlists for testing various endpoint paths.
- Stores output results in a log file for further analysis.
- Identifies cases where status codes differ before and after smuggling attempts (e.g., `403` → `200`).

## Requirements

- Python 3.7+
- `requests` library

Install the required library using pip:

```bash
pip install requests
```

## Usage

### Single URL

Run the tool for a single URL:

```bash
python detect_http_smuggling.py -u https://example.com -w wordlist.txt -o output.log
```

### Batch URL Testing

Test multiple URLs from a file:

```bash
python detect_http_smuggling.py -l urls.txt -w wordlist.txt -o output.log
```

### Parameters

| Parameter | Description                              |
|-----------|------------------------------------------|
| `-u`      | Target URL for testing                  |
| `-l`      | File containing a list of target URLs   |
| `-w`      | Custom wordlist for endpoint fuzzing    |
| `-o`      | Output file for saving results          |

## Example Output

```text
Target: https://example.com
Status Change Detected:
  /admin 403 ---> /admin 200

Target: https://anotherexample.com
No vulnerability was detected.
```
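For triaging a batch run, the log can be reduced to the transitions that matter most. The following is an added example, not part of this repository: it assumes `output.log` uses exactly the layout shown above, and the names `parse_log` and `access_bypasses` and the sample log are constructed for illustration.

```python
import re

# Constructed sample in the layout shown under "Example Output".
SAMPLE_LOG = """\
Target: https://example.com
Status Change Detected:
  /admin 403 ---> /admin 200
  /status 403 ---> /status 404

Target: https://anotherexample.com
No vulnerability was detected.
"""

# One finding line: "<path> <code> ---> <path> <code>"
CHANGE_RE = re.compile(r"^\s*(\S+)\s+(\d{3})\s+--->\s+(\S+)\s+(\d{3})\s*$")


def parse_log(text):
    """Return {target: [(path, before, after), ...]} for every target in the log."""
    results = {}
    current = None
    for line in text.splitlines():
        if line.startswith("Target:"):
            current = line.split(":", 1)[1].strip()
            results[current] = []  # targets with no findings keep an empty list
            continue
        m = CHANGE_RE.match(line)
        # Only accept lines where both sides name the same path.
        if m and current is not None and m.group(1) == m.group(3):
            results[current].append((m.group(1), int(m.group(2)), int(m.group(4))))
    return results


def access_bypasses(results):
    """Keep denied -> success transitions (403 as in the README; 401 is an added assumption)."""
    hits = []
    for target, changes in results.items():
        for path, before, after in changes:
            if before in (401, 403) and 200 <= after < 300:
                hits.append((target, path, before, after))
    return hits


if __name__ == "__main__":
    for target, path, before, after in access_bypasses(parse_log(SAMPLE_LOG)):
        print(f"{target}{path}: {before} -> {after}")
```

A change such as `403` to `404` is recorded by `parse_log` but filtered out by `access_bypasses`, since it does not indicate that a restricted path became reachable.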

## Credits

This tool was inspired by the work found in the following repository:

[https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898/blob/ALOK/CVE-2024-40725.py#L21](https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898/blob/ALOK/CVE-2024-40725.py#L21)

## Disclaimer

This tool is intended for educational purposes and authorized security testing only. Unauthorized use of this tool against systems you do not own or have explicit permission to test is illegal and unethical. Use responsibly.