Skip to content
This repository has been archived by the owner on Mar 14, 2020. It is now read-only.

Sytten/VulnerableGunicorn

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

infra

infra

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

deploy.sh

deploy.sh

 
 

main.py

main.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

VulnerableGunicorn

This is a simple application and infrastructure to test HTTP Desync Attacks against Gunicorn+Flask running in ECS behind an AWS ALB.

The whole process is detailed in my blog post.

Deploy

  1. In the infra folder, terraform apply
  2. Change the AWS account ID in the deploy.sh script
  3. ./deploy.sh

Thanks

The application is largely inspired by code used in the blog post HAProxy HTTP request smuggling.

About

Test Gunicorn + ECS HTTP Desync Attacks

Topics

gunicorn ecs http1-1

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages