About HTTP Request Smuggling
HTTP Request Smuggling vulnerabilities occur when an attacker sends a malformed HTTP request that is interpreted differently by the frontend and backend servers, allowing them to bypass security controls and access unauthorized resources.
Common Smuggling Types
CL.TE (Content-Length vs Transfer-Encoding): Frontend uses Content-Length, backend uses Transfer-Encoding
TE.CL (Transfer-Encoding vs Content-Length): Frontend uses Transfer-Encoding, backend uses Content-Length
HTTP/2 Smuggling: Exploiting differences between HTTP/2 and HTTP/1.1 parsing
Cache Poisoning: Using smuggling to poison caches and serve malicious content
Advanced Bypasses: Complex techniques to bypass modern protections
Common Vulnerability Sources
Load Balancers: Different parsing between load balancer and backend
Reverse Proxies: Nginx, Apache, CloudFlare, etc.
WAFs: Web Application Firewalls with different parsing
CDNs: Content Delivery Networks with parsing differences
Protocol Downgrades: HTTP/2 to HTTP/1.1 conversion issues
Real-World Impact
Bypass security controls and access unauthorized resources
Cache poisoning and serving malicious content to users
Session hijacking and user impersonation
Access to internal APIs and sensitive endpoints
Bypass authentication and authorization mechanisms
Compliance violations and security breaches