Burp Suite User Forum


Difference between HTTP Request Smuggler Extension and HTTP request smuggling with Burp scanner

Paolo | Last updated: Aug 13, 2024 05:03PM UTC

Hello, I am currently studying HTTP Desync Attacks and comparing the various tools used to test for these types of vulnerabilities. While experimenting with the HTTP Request Smuggler Extension and Burp Scanner (and also reviewing the code for the Smuggler Extension), I noticed that the Extension appears to be more comprehensive. Is this correct? The reason I ask is that the Extension includes features for testing HTTP Desync attacks in HTTP/2 scenarios, as well as other techniques and attacks, such as Connection-State attacks and unusual behaviors like header removal. However, if I'm mistaken, I would appreciate any corrections.

I also have another question, which is not directly related to this topic, but I hope you can help. As I delve deeper into HTTP Desync attacks, I'm curious whether the term "HTTP Desync attacks" is being used incorrectly as a synonym for "HTTP Request Smuggling." From my understanding, HTTP Desync attacks are a broader category that encompasses various attacks exploiting discrepancies in how data is handled between different entities or components. HTTP Request Smuggling (HRS) is just one part of this broader category.

For example, I recently came across research on Confusion Attacks (https://blog.orange.tw/2024/08/confusion-attacks-en.html), which, in my opinion, could also fall under the umbrella of HTTP Desync attacks since they involve discrepancies among different entities, such as Apache modules. What are your thoughts on this? Do you think my understanding is correct?

Thank you for your time and support!

Syed, PortSwigger Agent | Last updated: Aug 15, 2024 09:52AM UTC

Hi Paolo,

Yes, you are right; the extension is more comprehensive than just for HTTP Smuggling attacks; the reason for that is that it is part of the research done by James Kettle, the author of the extension. If you have any specific questions regarding the extension, you can raise an issue on the GitHub page of the extension and James would be happy to answer them for you.

Yes to your second query as well. HTTP Request Smuggling is a specific type of attack that can arise from the broader category of HTTP Desync issues, but not all HTTP Desync vulnerabilities will necessarily lead to request smuggling.

HTTP Request Smuggling is usually aimed at injecting additional requests that go unnoticed by one server but are executed by another, whereas HTTP Desync is more about causing a breakdown in communication or interpretation between servers.

I hope this helps.
