Connection Tampering
Learn more about using HTTP pipelining and connection pooling with Nuclei
Pipelining
HTTP Pipelining support has been added which allows multiple HTTP requests to be sent on the same connection inspired from http-desync-attacks-request-smuggling-reborn.
Before running HTTP pipelining based templates, make sure the running target supports HTTP Pipeline connection, otherwise nuclei engine fallbacks to standard HTTP request engine.
If you want to confirm the given domain or list of subdomains supports HTTP Pipelining, httpx has a flag -pipeline
to do so.
An example configuring showing pipelining attributes of nuclei.
An example template demonstrating pipelining capabilities of nuclei has been provided below-
Connection pooling
While the earlier versions of nuclei did not do connection pooling, users can now configure templates to either use HTTP connection pooling or not. This allows for faster scanning based on requirement.
To enable connection pooling in the template, threads
attribute can be defined with respective number of threads you wanted to use in the payloads sections.
Connection: Close
header can not be used in HTTP connection pooling template, otherwise engine will fail and fallback to standard HTTP requests with pooling.
An example template using HTTP connection pooling-
Was this page helpful?