Adjusted README

2024-05-15 15:55:55 +02:00 · 2024-05-15 15:55:55 +02:00 · 159c8ba296
parent 01ee900980
commit 159c8ba296
1 changed files with 17 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,17 @@
-# path-normalization-bypasses
-This repo contains labs for bypassing path normalization issues involving Nginx and e.g. Flask and Node.js
+# Path Normalization 403 Bypass Labs
+
+This repository contains different scenarios for bypassing 403s leverage path normalization inconsistencies which stem from deny rules e.g. configured in Nginx. This work is inspired by https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies.
+
+# Setup (1 Command!)
+
+* You can run each of the scenarios by navigating into the folder and simply executing `docker-compose up`
+
+# Scenarios
+
+### Flask
+
+* Goal: Access `/admin`
+* Problem: Nginx has a rule to deny access to `/admin` and blocks you
+* Bypass: E.g. visit `GET /admin\xa0` (note that you actually need to send the hex character, not the string `\xa0`)
+
+![Alt text](flask/bypass.png)