Home About Contact

Home About Contact

Deep Dive into HTTP Request Smuggling Attacks

Web Application Security

Deep Dive into HTTP Request Smuggling Attacks

April 9, 2024

25 min read

#Web Application Security

Table of Contents

Introduction to HTTP Request Smuggling/Desync Attacks
TCP Stream of HTTP requests
Content-Length vs Transfer-Encoding
Content-Length
Transfer-Encoding
Transfer-Encoding over Content-Length ⚠️
Desynchronization
CL.TE Attack ⚔️
Identification of the CL.TE attack
Exploitation of a CL.TE attack
TE.TE Attack ⚔️
Identification of the TE.TE attack
Exploitation of the TE.TE attack
TE.CL Attack ⚔️
Identification of the TE.CL attack
Exploitation and Exercise
Vulnerable Software
Identification of the Guanicorn 20.0.4
Exploitation of the Guanicorn 20.0.4 and challenge
Exploitation of Request Smuggling
Challenge
The attack
Request Smuggling Tools & Prevention
Mitigations and recommended steps

Keeping Up with Advances in AI Security, Cybersecurity, CVEs technical reviews, Personal Experiences, and Academic Insights!

Content

Vulnerabilities
Updates
Guides
HTB Writeups

Resources

Tips & Tricks
Research Papers
Tools
Cheat Sheets

About

About Me
Contact
Services
Mentoring

Legal

Privacy Policy
Terms of Use
Sitemap
Cookies

Interactive Content

For more dynamic content, live demonstrations, and direct interactions, follow me on my YouTube channel where we explore cybersecurity topics together!

Your support means a lot to me - Please consider subscribing to the channel. It helps me create more educational content for the community.

© 2025 PhiloCyber - Ricardo Prieto. All rights reserved.

Always learning, always exploring