martinvks/CVE-2022-45059-demo

CVE-2022-45059-demo

Varnish Cache releases 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1 and 7.2.0 have a request smuggling vulnerability in which an attacker can request that the Content-Length header be made hop-by-hop. This demo consists of a Spring Boot web application running behind a vulnerable version of Varnish Cache. A "victim" sends requests to the application every 5 seconds, and the goal is to steal the victim's cookies.
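A check for the condition described above, as an added example that is not part of this repository: it flags HTTP/1.x request heads whose Connection header lists Content-Length as a hop-by-hop token, the kind of test a front-end filter or a review of captured requests could apply. The function names and the sample requests are constructed for illustration.

```python
# Added example: flag request heads whose Connection header nominates a
# protected end-to-end header (content-length, per this page) as hop-by-hop.
PROTECTED = ("content-length",)

def parse_head(raw):
    """Return (lowercased name, value) pairs from an HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # [0] is the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def nominated_protected(raw, protected=PROTECTED):
    """Protected header names listed as tokens in any Connection header."""
    tokens = set()
    for name, value in parse_head(raw):
        if name == "connection":  # the header may appear more than once
            tokens.update(t.strip().lower() for t in value.split(","))
    return sorted(tokens & {p.lower() for p in protected})

def scan(requests, protected=PROTECTED):
    """Indexes of the requests that should be rejected or alerted on."""
    return [i for i, r in enumerate(requests) if nominated_protected(r, protected)]

# Constructed sample requests (not taken from the demo's packet capture).
BENIGN = (b"POST / HTTP/1.1\r\nHost: localhost\r\n"
          b"Connection: keep-alive\r\nContent-Length: 3\r\n\r\na=1")
FLAGGED = (b"POST / HTTP/1.1\r\nHost: localhost\r\n"
           b"Connection: close, Content-Length\r\nContent-Length: 3\r\n\r\na=1")
# Same nomination, split across two Connection headers with odd case/spacing.
SPLIT = (b"POST / HTTP/1.1\r\nHost: localhost\r\n"
         b"Connection: close\r\nconnection:  CONTENT-LENGTH \r\n"
         b"Content-Length: 3\r\n\r\na=1")

if __name__ == "__main__":
    for i in scan([BENIGN, FLAGGED, SPLIT]):
        print("request", i, "nominates a protected header as hop-by-hop")
```

The `protected` parameter accepts further header names if other end-to-end headers should be covered; only Content-Length is named on this page.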

Running the application

Option 1 - Using prebuilt images

docker compose up

View the website at: http://localhost

Option 2 - Build the images yourself

docker build -t <TAG_NAME> frontend
docker build -t <TAG_NAME> backend
docker build -t <TAG_NAME> victim

Update docker-compose.yml to use your images, then run docker compose up.
View the website at: http://localhost

Packet capture

Packet capturing is enabled on the backend and the pcap file is written to ./capture/backend.pcap
