MCPcopy Index your code
hub / github.com/GrrrDog/weird_proxies

github.com/GrrrDog/weird_proxies @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
2 symbols 5 edges 2 files 0 documented · 0% updated 2y ago★ 1,8872 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Weird Proxies

It's a cheat sheet about behaviour of various reverse proxies and related attacks.

It is a result of analysis of various reverse proxies, cache proxies, load balancers, etc. The article (https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/) describes the goals of the research and how you can use the cheat sheet.

Analyzed stuff: - Nginx - Apache - Haproxy/Nuster - Varnish - Traefik - Envoy - Caddy - AWS - Cloudflare - Stackpath - Fastly

Additional: - Test Labs

Related articles/white papers/presentations: - Reverse proxies & Inconsistency - Weird proxies/2 and a bit of magic - Attacking Secondary Contexts in Web Applications - Hacking Starbucks and Accessing Nearly 100 Million Customer Records - Middleware, middleware everywhere - and lots of misconfigurations to fix - ParseThru – Exploiting HTTP Parameter Smuggling in Golang - HTTP.ninja - Server Technologies - Reverse Proxy Bypass - Cracking the lens: targeting HTTP's hidden attack-surface - Abusing HTTP hop-by-hop request headers - The perils of the “real” client IP - Smuggling HTTP headers through reverse proxies - At Home Among Strangers - h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c) - H2C Smuggling in the Wild - A story of leaking uninitialized memory from Fastly - What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs - HTTP Desync Attacks: Request Smuggling Reborn - HTTP Request Smuggling via higher HTTP versions - HTTP/2: The Sequel is Always Worse - Response Smuggling:Exploiting HTTP/1.1 Connections - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling - Making HTTP header injection critical via response queue poisoning - Cache poisoning and other dirty tricks - Practical Web Cache Poisoning - Web Cache Entanglement: Novel Pathways to Poisoning - HTTP Caching Tests - CPDoS: Cache Poisoned Denial of Service - The Case of the Missing Cache Keys - Responsible denial of service with web cache poisoning - Cache Poisoning Denial-of-Service Attack Techniques - Cache-Key Normalization DoS - Web Cache Deception Attack - Cached and Confused: Web Cache Deception in the Wild - Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!

Core symbols most depended-on inside this repo

app
called by 0
labs/gunicorn/myapp.py
handle_client_connection
called by 0
labs/raw/http_raw.py

Shape

Function 2

Languages

Python100%

Modules by API surface

labs/raw/http_raw.py1 symbols
labs/gunicorn/myapp.py1 symbols

For agents

$ claude mcp add weird_proxies \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact