Questions tagged [request-smuggling]
14 questions
3
votes
2 answers
What does "connection" mean in context of request smuggling
I recently read about request smuggling. This is a very interesting attack that I didn't know about. A vulnerability to this was recently discovered at Slack, disclosed responsibly and a bounty was awarded.
The linked article says:
When the…
Ram Rachum
- 1,998
- 2
- 17
- 20
2
votes
0 answers
What are NGINX reverseproxy users doing to prevent HTTP Request smuggling?
Since NGINX does not support sending HTTP/2 requests upstream, what are the present NGINX reverseproxy users doing to mitigate HTTP Request Smuggling vulnerability?
I understand that the best way to prevent HTTP Request Smuggling is by sending…
Sai Vishnu
- 21
- 1
2
votes
0 answers
http smuglling how can i do a poc in a big websites?
i try to find http smuggling in big bug bouny program
if i send this to the server
POST /path HTTP/1.1
Host: subdomain.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Connection: Keep-Alive
Content-Length:…
eyal
- 73
- 1
- 3
2
votes
0 answers
Force Apache Server/Tomcat to ignore Transfer-Encoding
I am trying to reproduce HTTP request smuggling using an Apache HTTP Server as a reverse proxy (using mod_proxy) and a Tomcat Server in the back-end.
Is it possible to force either Apache Server or Tomcat to ignore Transfer-Encoding in requests (and…
Druckles
- 153
- 3
1
vote
3 answers
Is a HTTP Request Smuggling a concern when using load balancers?
CVE-2022-22720 (Apache HTTP Server 2.4.52 vulnerability) mentions that the risk is with HTTP Request Smuggling.
My understanding of HTTP Request Smuggling is that a front server A transmits to a back server B a request. That request can be…
WoJ
- 8,957
- 2
- 32
- 51
1
vote
1 answer
How to exploit HTTP Request Smuggling?
I set up the following lab using HAProxy and Gunicorn.
Both "Smuggler.py" tool and "HTTP Request Smuggler" BurpSuite extension detected CL.TE vulnerability.
I checked it manually by sending below request:
Here is the request in HAProxy:
and, this…
mehran_2020
- 11
- 2
0
votes
1 answer
Are there HTTP/2 specific attacks different from request smuggling?
I'm researching information about HTTP/2 from a cybersecurity point of view for an article, and i wanted to include a section about attacks exclusive to HTTP/2 or were this protocol have a key role.
I already got information about request smuggling…
kiratross
- 1
- 1
0
votes
1 answer
Is HTTP Request Smuggling domain/subdomain wide or directory wide?
I have a pretty good understanding of HTTP Request Smuggling vulnerabilities but one thing I still need some clarification on is if they are domain/subdomain wide or directory wide?
Here's what I mean: If HTTP Request Smuggling vulnerabilities arise…
ex7lted
- 50
- 5
0
votes
0 answers
Can anti-CSRF Token prevent HTTP Request Smuggling?
What is the easiest way to prevent HTTP Request Smuggling ? Can Anti-CSRF tokens prevent the server from processing the smuggled request? OR HTTP request smuggling is possible irrespective of any session id, cookie or token because back-end and…
Mary
- 1
- 1
0
votes
1 answer
Content-Length based DoS
I was trying this, on a website where I was allowed to carry out testing by the site administrator. On failing to use two different headers (Site is beyond AWS and I am getting a 400), I tried the old way of using 2 different Content-Length…
Subbu
- 1
- 1
0
votes
1 answer
why the website cant understand my request in http smuggling?
hi I started to find bug bounty vulnerabilities and i think i found a te.cl vulnerability in a website.
i send
GET / HTTP/1.1
Transfer-Encoding: chunked
Host: subdomain.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)…
eyal
- 73
- 1
- 3
0
votes
1 answer
Nessus Plugin "HTTP Smuggling Detection" failing due to support for http/1.1 - how to overcome?
A new Nessus plugin (140735 - HTTP Smuggling Detection) was very recently incorporated into Tenable's PCI template and is now beeing flagged as a "medium" vulnerability and causing scans to fail.
The only info in the scan report is:
A web server…
B Robster
- 103
- 2
0
votes
2 answers
HTTP Request Smuggling Basics
I am currently trying to learn HTTP Request Smuggling vulnerability to further enhance my pen testing skills. I have watched a couple of videos on Youtube and read articles online regarding it but still have a couple of questions in mind:
What are…
Emanuel Beni
- 133
- 8
-1
votes
2 answers
People say "false positives" in request smuggling. What does it mean?
I always see "false positives" or "false negatives" in HTTP request smuggling forum posts. What does it mean?
Example: HTTP Desync Attacks: Request Smuggling Reborn
eyal
- 73
- 1
- 3