Burp Suite User Forum


HTTP Request Smuggler Extension vs HTTP request smuggling scanner

Jas | Last updated: Aug 31, 2021 12:03AM UTC

When practicing the basic CL.TE lab (Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE vulnerability), I first used the HTTP Request Smuggler Extension -> Smuggle probe to test the lab main page but failed to find any issue. I then configured the Burp scanner to perform only the HTTP request smuggling scan against the lab main page and successfully identified the HTTP request smuggling issue. My questions are:

1. How reliable is the HTTP Request Smuggler extension?
2. What are the differences between the extension and the Burp scanner which make the testing results differ significantly?

Thanks and regards.

Michelle, PortSwigger Agent | Last updated: Aug 31, 2021 01:28PM UTC

Thanks for your message. Testing this here, we have been able to successfully use HTTP Request Smuggler to solve the lab 'Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE vulnerability' using the technique described for another of the labs here: https://github.com/PortSwigger/http-request-smuggler

An issue was found by the extension and displayed in the Issue activity section of the Burp Dashboard. Were you using the default settings with HTTP Request Smuggler? Which request did you use as a starting point for your test?

Jas | Last updated: Aug 31, 2021 11:01PM UTC

Thanks for your reply, Michelle. Yes, I used the default setting with the extension. The starting request sent to the extension is:

GET / HTTP/1.1

I could use the default Python code of the CL.TE exploit option of the extension to solve the CL.TE lab after the scanner identified the issue. However, I was unable to use the Smuggle Probe feature of the extension to identify the issue. This is where my question comes from. I want to know which one, extension or scanner, could reliably identify the request smuggling issue, and the reasons.

Michelle, PortSwigger Agent | Last updated: Sep 01, 2021 10:51AM UTC

Thanks for the update. I'm afraid we've not been able to replicate the behavior you're seeing. We've been able to find HTTP request smuggling issues in this particular lab reliably both using the extension (Smuggle Probe) and the Scanner. If you can email a screen recording showing the steps you're taking to support@portswigger.net when the issue isn't found, we can take a quick look to see if we can spot any differences.
