mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
68b76036df
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
HTTP Request Smuggling
Description
HTTP Request Smuggling occurs when the front-end and back-end servers disagree about where one request ends and the next begins. This vulnerability allows attackers to bypass security controls, gain unauthorized access, and poison web caches.
Vulnerability Types
- CL.TE - Content-Length vs Transfer-Encoding
- TE.CL - Transfer-Encoding vs Content-Length
- TE.TE - Transfer-Encoding obfuscation
- CL.CL - Duplicate Content-Length headers
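A defender-side check for the four types listed above, as an added example that is not part of the original repository: it inspects the header block of one raw HTTP/1.1 request and reports the framing ambiguities a front end should reject rather than forward. The function name, the issue labels, the sample requests and the strict policy (only a single plain `chunked` Transfer-Encoding is accepted, CRLF line endings expected) are assumptions made for illustration.

```python
import re

def framing_issues(raw: bytes) -> set[str]:
    """Flag header patterns that let two servers frame one request differently."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    issues, cl, te = set(), [], []
    for line in head.split(b"\r\n")[1:]:       # skip the request line
        if b"\r" in line or b"\n" in line:     # lenient parsers may split here
            issues.add("bare-CR-or-LF")
        if line[:1] in (b" ", b"\t"):          # obsolete line folding
            issues.add("folded-header")
            continue
        name, _, value = line.partition(b":")
        key = name.strip().lower()
        if key == b"content-length":
            cl.append(value.strip(b" \t"))
        elif key == b"transfer-encoding":
            te.append(value.strip(b" \t").lower())
        else:
            continue
        if name != name.strip():               # "Transfer-Encoding : chunked"
            issues.add("space-in-header-name")
    # One request cannot tell CL.TE from TE.CL: that depends on which header
    # each server in the chain honours. Both need the two headers together.
    if cl and te:
        issues.add("CL+TE")
    if len(cl) > 1:
        issues.add("CL.CL")
    if any(not re.fullmatch(rb"[0-9]+", v) for v in cl):
        issues.add("bad-content-length")
    if len(te) > 1 or any(v != b"chunked" for v in te):
        issues.add("TE-variant")               # TE.TE candidate
    return issues

# Constructed sample requests (host name and path are placeholders).
BASE = b"POST /submit HTTP/1.1\r\nHost: app.example\r\n"
SAMPLES = {
    "clean": BASE + b"Content-Length: 3\r\n\r\nx=1",
    "cl_te": BASE + b"Content-Length: 3\r\nTransfer-Encoding: chunked\r\n\r\n",
    "cl_cl": BASE + b"Content-Length: 3\r\nContent-Length: 5\r\n\r\n",
    "te_te": BASE + b"Transfer-Encoding: chunked\r\nTransfer-Encoding : identity\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, sorted(framing_issues(raw)))
```

Any non-empty result is a reason to answer 400 and close the connection at the edge instead of normalising the request and passing it on.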
Common Attack Vectors
- Front-end/Back-end server desynchronization
- Load balancer misconfigurations
- Reverse proxy issues
- CDN edge servers
- WAF bypass
Impact
- Bypass security controls
- Web cache poisoning
- Cross-site scripting
- Request hijacking
- Credential theft
- Access other users' requests
Testing Approach
- Send requests with conflicting Content-Length and Transfer-Encoding headers
- Observe timing differences and response variations
- Test with different header obfuscation techniques
- Verify if smuggled requests affect subsequent requests
Common Vulnerable Configurations
- HAProxy + Apache
- Nginx + Apache
- AWS ALB + various backends
- Akamai + various backends
- Cloudflare + various backends
Payloads
See http-request-smuggling-payloads.txt for a comprehensive list of HTTP Request Smuggling payloads.