Skip to content
All Skills

Exploiting HTTP Request Smuggling

Detecting and exploiting HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding parsing discrepancies between front-end and back-end servers.

Security & Compliance|v1|Updated 7/2/2026|GitHub source
MCP get_skill({ skillId: "exploiting-http-request-smuggling-06eb79b7" })

Use this skill with your agent

Create a free account and connect via MCP

Get Started Free
# Exploiting HTTP Request Smuggling

## When to Use

- During authorized penetration tests when the application sits behind a reverse proxy, load balancer, or CDN
- When testing infrastructure with multiple HTTP processors in the request chain (nginx + Apache, HAProxy + Gunicorn)
- For assessing applications for HTTP desynchronization vulnerabilities
- When other attack vectors are limited and you need to bypass front-end security controls
- During security assessments of multi-tier web architectures

## Prerequisites

- **Authorization**: Written penetration testing agreement explicitly covering request smuggling (high-risk test)
- **Burp Suite Professional**: With HTTP Request Smuggler extension (Turbo Intruder)
- **smuggler.py**: Automated HTTP request smuggling detection tool
- **curl**: Compiled with HTTP/1.1 support and manual chunked encoding
- **Target architecture knowledge**: Understanding of proxy/server chain (front-end and back-end)
- **Caution**: Request smuggling can affect other users' requests; test carefully

## Workflow

### Step 1: Identify the HTTP Architecture

Determine the proxy/server chain and HTTP parsing characteristics.

```bash
# Identify front-end proxy/CDN
curl -s -I "https://target.example.com/" | grep -iE \
  "(server|via|x-served-by|x-cache|cf-ray|x-amz|x-varnish)"

# Common architectures:
# Cloudflare → Nginx → Application
# AWS ALB → Apache → Application
# HAProxy → Gunicorn → Python app
# Nginx → Node.js/Express
# Akamai → IIS → .NET app

# Check HTTP version support
curl -s -I --http1.1 "https://target.example.com/" | head -1
curl -s -I --http2 "https://target.example.com/" | head -1

# Check if Transfer-Encoding is supported
curl -s -X POST \
  -H "Transfer-Encoding: chunked" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "0\r\n\r\n" \
  "https://target.example.com/" -w "%{http_code}"

# Check for HTTP/2 downgrade to HTTP/1.1 on backend
# Many CDNs accept HTTP/2 but forward HTTP/1.1 to origin

Continue reading

Sign up for a free account to view the full skill content

Login / Register
#mukul-cybersecurity-skills#security#cybersecurity#applicationgitpythoncurlburpsuitesmugglerh2csmuggler
Exploiting HTTP Request Smuggling - AgentArmory Skill — AgentArmory