DESYNC_GEN

Automated WAF Desynchronization Testing Framework

FOR AUTHORIZED SECURITY TESTING ONLY

Overview

DESYNC_GEN is a framework for testing Web Application Firewall (WAF) desynchronization vulnerabilities. It generates HTTP requests designed to create parsing discrepancies between security systems (WAFs, CDNs, load balancers) and backend servers, potentially revealing request smuggling and cache poisoning vulnerabilities.

Installation

git clone https://github.com/ekomsSavior/DESYNC_GEN.git
cd DESYNC_GEN
pip install requests colorama --break-system-packages

Usage

Run the main framework:

python desync_framework.py

What to Expect

When running DESYNC_GEN, the tool will:

1. Present testing options - Available desync techniques and payload types
2. Configure target - Set target URL, headers, and parameters
3. Generate payloads - Craft HTTP requests designed to trigger desync conditions
4. Execute tests - Send requests and analyze responses for desync indicators
5. Report findings - Identify potential vulnerabilities with exploitation guidance

Supported Techniques

• CL.TE (Content-Length vs. Transfer-Encoding) desync
• TE.CL (Transfer-Encoding vs. Content-Length) desync
• HTTP header injection and smuggling
• Cache poisoning vectors
• Protocol parsing discrepancies

Output

The framework provides console output showing:
- Payload construction details
- HTTP request/response traces
- Vulnerability detection indicators
- Test success/failure status
- Potential exploitation paths

Test reports are saved in the reports/ directory with timestamps and detailed findings.

Legal Disclaimer

This software is provided strictly for educational purposes and authorized security testing. Use of this tool against systems without explicit written permission is illegal and unethical. The developer assumes no liability for misuse of this software. You are solely responsible for ensuring compliance with all applicable laws and regulations.

MIT License Copyright (c) 2026 ek0mssavi0r / Church of Malware Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. USE AT YOUR OWN RISK. NO WARRANTY PROVIDED.