HTTP Request Smuggling

The reappearance of HTTP Request Smuggling

Not too long ago, a colleague and I came across this almost forgotten attack vector, which swiftly resurfaced when PortSwigger added it to their portfolio of web vulnerability checks in their fantastic tool, Burp. This attack is quite interesting and different from the usual web vulnerabilities such as SQL injection and path traversal, which, unfortunately, we still see in the wild. In this blog post I will shed some light on what HTTP Request Smuggling is and why it should, once again, be taken seriously.