Lab: Exploiting HTTP request smuggling to capture other users' requests

In-depth solution to PortSwigger's "Exploiting HTTP request smuggling to capture other users' requests" lab.

Try it yourself:

Timestamps:
00:00 - Intro
00:32 - Detect the CL.TE vulnerability
02:08 - Confirm the CL.TE vulnerability
04:11 - POST'ing a comment
05:21 - CSRF token and the Session Cookie
05:50 - Move the 'comment' request body parameter
06:24 - How to calculate the initial Content-Length
07:34 - Differential Response Methodology
08:32 - Avoid errors by adding safe padding to the Normal Request
10:21 - Start with our estimated Content-Length
11:19 - Increase the Content-Length to 900
12:09 - Increase the Content-Length to 950 and solve the lab

COOKIE EDITOR EXTENSION:
Comments

Hey everyone! Check out this playlist for all my solutions to the HTTP Request Smuggling labs from PortSwigger – 👀

netletic

Dude. You're so good I watched this video for 5 minutes and liked and subbed. I completed the video and I was not disappointed. You have a talent for this. Please make more I will learn so much from you. Thanks man!

collabcomm

I've been waiting for such a clear explanation for a long time. Thank you mate.
Would be awesome if you keep making similar videos for other advanced attacks like prototype pollution or DOM XSS.

scsf

An alternative way I did was: normal request -> normal request -> attack request -> refresh the blog page to see Victim's comment

ismailmatrix