Burp Suite User Forum

Login to post

Lab: HTTP request smuggling, basic CL.TE vulnerability

Alka | Last updated: Jan 11, 2021 07:08PM UTC

I have been using the following request but I am still unable to smuggle a request to the backend server. What am I doing wrong here? POST / HTTP/1.1 Host: ac3a1f9c1e6d40ca80d386f8002100ae.web-security-academy.net Connection: keep-alive Content-Length: 10 Transer-Encoding: chunked Content-Type: application/x-www-form-urlencoded 0 G

Ben, PortSwigger Agent | Last updated: Jan 12, 2021 08:19AM UTC

Hi, Have you switched off the "Update Content-Length" option from under Repeater on the main menu? Your Content-Length value looks like it has been updated from the required value of 6 to the new value of 10.

You need to Log in to post a reply. Or register here, for free.