PortSwigger Academy HTTP request smuggling Labs

Introduction

What?

HTTP request smuggling is a technique for interfering with the way a web site processes sequences of HTTP requests that are received from one or more users.

Why?

Request smuggling vulnerabilities are often critical in nature, and can be exploited to bypass security controls, gain unauthorised access to sensitive data, directly compromise other application users, and conduct phishing attacks, cache poisoning, cross-site scripting (XSS), and more. James Kettle published more information on exploiting this vulnerability during Black Hat USA 2019, under the title "HTTP Desync Attacks: Request Smuggling Reborn".

How?