
Scenario:
You are a penetration tester auditing the web application craw.in. You've identified a potential discrepancy in how the front-end server and the back-end server are interpreting HTTP requests. Your goal is to exploit this difference.
Question 1.
You observe that the web server returns different responses when the same request is sent twice. Which header is causing the inconsistent request handling?
Question 2.
You suspect CL.TE request smuggling. What does CL stand for?
Question 3.
Still suspecting CL.TE request smuggling. What does TE stand for?
Question 4.
What encoding method is used in the Transfer-Encoding header?
Question 5.
The back-end server appears to be vulnerable to a CL.TE attack. What is the primary goal of exploiting this vulnerability?
Question 6.
In a successful CL.TE attack, what is smuggled?
Question 7.
You want to cause a denial of service by crashing the server. Which header can you manipulate to make the smuggled request invalid?
Question 8.
You want to redirect users to a malicious website. Which header do you need to control, using HTTP request smuggling, to redirect them to that website?
Question 9.
The application uses session cookies. What is the name of the header in which cookies are usually sent?
Question 10.
You successfully smuggled a request that captures another user's session cookie. What is the name for this attack?
Question 11.
What is the general term for vulnerabilities that arise from inconsistencies in how different parts of an application process HTTP requests?
Question 12.
After identifying a potential smuggling vulnerability, what is a common first step to confirm that it is exploitable?
Question 13.
To exploit request smuggling, what is the minimum number of HTTP requests you typically need to send in quick succession?