Request smuggling

What is request smuggling?

HTTP request smuggling is a technique for interfering with the way a web site processes sequences of HTTP requests that are received from one or more users. Request smuggling vulnerabilities are often critical in nature, allowing an attacker to bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.

Basic CL.TE vulnerability

Check using the Timeout method

Frontend: CL (Content-Length)

Backend: TE (Transfer-Encoding)

  1. In the request attributes, change the protocol from HTTP/2 to HTTP/1 and the method from GET to POST. Add the Content-Length header and payload as mentioned below. Make sure "Update Content-Length" is disabled.

Burp Repeater > Inspector > Request attributes

Basic TE.CL Vulnerability

Check using the Timeout method

Frontend: TE (Transfer-Encoding)

Backend: CL (Content-Length)

  1. In the request attributes, change the protocol from HTTP/2 to HTTP/1 and the method from GET to POST. Add the Content-Length header and payload as mentioned below. Make sure "Update Content-Length" is disabled.

Burp Repeater > Inspector > Request attributes
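
Both the CL.TE and TE.CL checks above depend on the frontend and backend disagreeing about where one request's body ends. The following is an added example, not part of the original page: a small offline classifier that shows how a Content-Length parser and a chunked parser each delimit the same raw request, so a proxy or log pipeline can flag the ambiguous ones. The function names, the sample request and the host `example.test` are constructed for illustration.

```python
# Added example (not from the original page): how a CL parser and a TE parser delimit one request.
CRLF, HEX = b"\r\n", b"0123456789abcdefABCDEF"

def parse(raw):  # -> (lower-cased header multimap, body bytes)
    head, _, body = raw.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF)[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def cl_end(headers):
    """Body length per Content-Length, or None if missing, conflicting or non-numeric."""
    vals = headers.get(b"content-length", [])
    return int(vals[0]) if len(set(vals)) == 1 and vals[0].isdigit() else None

def chunked_end(headers, body):
    """Offset where a chunked parser ends the body; None if not chunked or incomplete."""
    if b"chunked" not in b",".join(headers.get(b"transfer-encoding", [])).lower():
        return None
    pos = 0
    while True:
        eol = body.find(CRLF, pos)
        size = body[pos:eol].split(b";")[0].strip() if eol >= 0 else b""
        if not size or any(c not in HEX for c in size):
            return None
        pos = eol + 2 + int(size, 16)       # skip the size line and the chunk data
        if body[pos:pos + 2] != CRLF:       # every chunk, and the final 0 chunk, ends in CRLF
            return None
        if int(size, 16) == 0:
            return pos + 2
        pos += 2

def classify(raw):
    """Return (verdict, cl_leftover, te_leftover) for one raw HTTP/1.1 request."""
    headers, body = parse(raw)
    if not (b"content-length" in headers and b"transfer-encoding" in headers):
        return ("unambiguous", None, None)
    cl, te = cl_end(headers), chunked_end(headers, body)
    # leftover > 0: bytes read as the next request; < 0 or None: parser waits (timeout signal)
    cl_left = None if cl is None else len(body) - cl
    te_left = None if te is None else len(body) - te
    verdict = "ambiguous-agree" if cl_left == te_left == 0 else "ambiguous-desync"
    return (verdict, cl_left, te_left)

# Constructed sample: both headers present, and they disagree about the body length.
SAMPLE = (b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
print(classify(SAMPLE))
```

A frontend that rejects every request not classified as `unambiguous` removes the disagreement both timeout checks rely on.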
