Request Smuggling
It’s far easier to search for articles explaining this concept.
Tools
- HTTP Request Smuggler, Burp extension
# https://github.com/defparam/smuggler
python3 smuggler.py -u <URL>
Articles
- https://portswigger.net/web-security/request-smuggling
- https://cobalt.io/blog/a-pentesters-guide-to-http-request-smuggling
- https://paper.seebug.org/1049/
- https://blog.zeddyu.info/2019/12/08/HTTP-Smuggling-en/
Exploitation
- Demonstrate impact by reporting smuggling chained with host injection. Other users' simple requests should then be made with your injected header.