DESYNC_GEN

Automated WAF Desynchronization Testing Framework

FOR AUTHORIZED SECURITY TESTING ONLY

Overview

DESYNC_GEN is a framework for testing Web Application Firewall (WAF) desynchronization vulnerabilities. It generates HTTP requests designed to create parsing discrepancies between security systems (WAFs, CDNs, load balancers) and backend servers, potentially revealing request smuggling and cache poisoning vulnerabilities.

Installation

git clone https://github.com/ekomsSavior/DESYNC_GEN.git
cd DESYNC_GEN
pip install requests colorama --break-system-packages

Usage

Run the main framework:

python desync_framework.py

What to Expect

When running DESYNC_GEN, the tool will:

1. Present testing options - Available desync techniques and payload types
2. Configure target - Set target URL, headers, and parameters
3. Generate payloads - Craft HTTP requests designed to trigger desync conditions
4. Execute tests - Send requests and analyze responses for desync indicators
5. Report findings - Identify potential vulnerabilities with exploitation guidance

Supported Techniques

• CL.TE (Content-Length vs. Transfer-Encoding) desync
• TE.CL (Transfer-Encoding vs. Content-Length) desync
• HTTP header injection and smuggling
• Cache poisoning vectors
• Protocol parsing discrepancies

Output

The framework provides console output showing:
- Payload construction details
- HTTP request/response traces
- Vulnerability detection indicators
- Test success/failure status
- Potential exploitation paths

Test reports are saved in the reports/ directory with timestamps and detailed findings.

Legal Disclaimer

This software is provided strictly for educational purposes and authorized security testing. Use of this tool against systems without explicit written permission is illegal and unethical. The developer assumes no liability for misuse of this software. You are solely responsible for ensuring compliance with all applicable laws and regulations.