Burp Suite User Forum

Login to post

HTTP request smuggling

narasimha | Last updated: Oct 27, 2020 08:08AM UTC

how to determine the content length in http request smuggling it is varied in every request POST / HTTP/1.1 Host: vulnerable-website.com Transfer-Encoding: chunked Content-Length: 4 (here) 1 A X POST / HTTP/1.1 Host: vulnerable-website.com Transfer-Encoding: chunked Content-Length: 6 (here) 0 X

Liam, PortSwigger Agent | Last updated: Oct 27, 2020 10:10AM UTC

The front-end server processes the Content-Length header and determines that the request body is 13 bytes long, up to the end of SMUGGLED. This request is forwarded to the back-end server. - https://portswigger.net/web-security/request-smuggling#:~:text=The%20front%2Dend%20server%20processes,body%20as%20using%20chunked%20encoding.

You need to Log in to post a reply. Or register here, for free.