The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


HTTP smuggling

[ | Last updated: Mar 03, 2022 09:44AM UTC

In this tutorial there is a Note that says:

The "attack" request and the "normal" request should be sent to the server using different network connections. Sending both requests through the same connection won't prove that the vulnerability exists.

So what does it mean? For example, I want to send this request to Confirming TE.CL vulnerabilities:

    POST /search HTTP/1.1
    Host: vulnerable-website.com
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 4
    Transfer-Encoding: chunked

    7c
    GET /404 HTTP/1.1
    Host: vulnerable-website.com
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 144

    x=
    0

That Note says I should send normal and attack with different networks. I was completely confused about what that meant!

Liam, PortSwigger Agent | Last updated: Mar 03, 2022 02:44PM UTC

Thanks for your message. Could you provide a link to the tutorial, please?

[ | Last updated: Mar 03, 2022 03:19PM UTC

https://portswigger.net/web-security/request-smuggling/finding
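
Why the request quoted in the first post is ambiguous, as an added example (not part of the thread and not PortSwigger's code): a parser that trusts Transfer-Encoding and one that trusts Content-Length disagree on where the body ends, and the bytes the second one leaves unread are what ends up in front of the next request handled on that back-end connection. The request is rebuilt locally with a computed chunk size, nothing is sent over the network, and all function names are hypothetical; the `ambiguous` flag is the condition a front-end can reject or normalise.

```python
CRLF = b"\r\n"

def build_sample():
    """Constructed request in the shape of the one in the post (chunk size computed)."""
    inner = CRLF.join([b"GET /404 HTTP/1.1", b"Host: vulnerable-website.com",
                       b"Content-Type: application/x-www-form-urlencoded",
                       b"Content-Length: 144", b"", b"x="])
    head = CRLF.join([b"POST /search HTTP/1.1", b"Host: vulnerable-website.com",
                      b"Content-Type: application/x-www-form-urlencoded",
                      b"Content-Length: 4", b"Transfer-Encoding: chunked"])
    chunked = b"%x" % len(inner) + CRLF + inner + CRLF + b"0" + CRLF + CRLF
    return head + CRLF + CRLF + chunked

def split_headers(raw):
    """Return (lower-cased header dict, bytes following the blank line)."""
    head, _, rest = raw.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF)[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, rest

def body_end_by_chunks(rest):
    """Offset where a parser honouring Transfer-Encoding: chunked stops reading."""
    pos = 0
    while True:
        eol = rest.index(CRLF, pos)
        size = int(rest[pos:eol].split(b";")[0], 16)
        data_end = eol + 2 + size
        if rest[data_end:data_end + 2] != CRLF:
            raise ValueError("chunk data not followed by CRLF")
        pos = data_end + 2
        if size == 0:                          # terminating chunk, no trailers
            return pos

def framing_report(raw):
    """Compare where each framing rule says the request body ends."""
    headers, rest = split_headers(raw)
    cl_end = int(headers.get(b"content-length", b"0"))
    is_chunked = b"chunked" in headers.get(b"transfer-encoding", b"").lower()
    te_end = body_end_by_chunks(rest) if is_chunked else cl_end
    return {
        # Both framing headers present: the case to reject or normalise.
        "ambiguous": b"content-length" in headers and b"transfer-encoding" in headers,
        "front_end_leftover": rest[te_end:],   # front-end honours Transfer-Encoding
        "back_end_leftover": rest[cl_end:],    # back-end honours Content-Length
    }

if __name__ == "__main__":
    for key, value in framing_report(build_sample()).items():
        print(key, "=>", value)
```
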

Liam, PortSwigger Agent | Last updated: Mar 03, 2022 04:02PM UTC