This is a simple application and infrastructure to test HTTP Desync Attacks against Gunicorn+Flask running in ECS behind an AWS ALB.
The whole process is detailed in my blog post.
- In the `infra` folder, run `terraform apply`
- Change the AWS account ID in the `deploy.sh` script
- Run `./deploy.sh`
The application is largely inspired by code used in the blog post HAProxy HTTP request smuggling.