From 159c8ba2967c728c5014f09ff03eafa7ea577daf Mon Sep 17 00:00:00 2001 From: dub-flow <89262088+dub-flow@users.noreply.github.com> Date: Wed, 15 May 2024 15:55:55 +0200 Subject: [PATCH] Adjusted README --- README.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4c4d01e..18cb16b 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,17 @@ -# path-normalization-bypasses -This repo contains labs for bypassing path normalization issues involving Nginx and e.g. Flask and Node.js +# Path Normalization 403 Bypass Labs + +This repository contains different scenarios for bypassing 403s leverage path normalization inconsistencies which stem from deny rules e.g. configured in Nginx. This work is inspired by https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies. + +# Setup (1 Command!) + +* You can run each of the scenarios by navigating into the folder and simply executing `docker-compose up` + +# Scenarios + +### Flask + +* Goal: Access `/admin` +* Problem: Nginx has a rule to deny access to `/admin` and blocks you +* Bypass: E.g. visit `GET /admin\xa0` (note that you actually need to send the hex character, not the string `\xa0`) + +![Alt text](flask/bypass.png) \ No newline at end of file
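Review bot: The new intro sentence in the README.md hunk does not parse: in "bypassing 403s leverage path normalization inconsistencies which stem from deny rules e.g. configured in Nginx", "leverage" should be "by leveraging", and the sentence reads as though the deny rules cause the inconsistencies. Something like "bypassing 403s by leveraging path normalization inconsistencies between deny rules (e.g. configured in Nginx) and the application behind them" would be clearer. In the same hunk, `# Setup (1 Command!)` and `# Scenarios` sit at the same level as the title while `### Flask` skips a level, so consider `##` for the two sections. The Flask scenario states the goal, problem and bypass but not the Nginx deny rule under test or why the trailing `\xa0` byte gets past it, which is what a reader of a lab needs to take away. The image still carries the placeholder `Alt text`, and the file ends without a trailing newline.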