Http Asking Smuggler - Extension For Burp Suite Designed To Assistance You Lot Launch Http Asking Smuggling Attacks


This is an extension for Burp Suite designed to assist you lot launch HTTP Request Smuggling attacks, originally created during HTTP Desync Attacks research. It supports scanning for Request Smuggling vulnerabilities in addition to besides aids exploitation past times treatment cumbersome offset-tweaking for you.

Install
The easiest agency to install this is inward Burp Suite, via Extender -> BApp Store.
If you lot prefer to charge the jounce manually, inward Burp Suite (community or pro), role Extender -> Extensions -> Add to charge build/libs/http-request-smuggler-all.jar

Compile
  • Turbo Intruder is a dependency of this project, add together it to the root of this source tree equally turbo-intruder-all.jar
  • Build amongst gradle fatJar

Use
Right click on a asking in addition to click 'Launch Desync probe', in addition to therefore sentry the extension's output pane nether Extender->Extensions->HTTP Request Smuggler
If you're using Burp Pro, whatever findings volition besides live on reported equally scan issues.
For to a greater extent than advanced role sentry the video.

Practice
We've released free online labs to do against.