HTTP Request Smuggling Vulnerability Scanner with Request Smuggler
HTTP request smuggling (HRS) lets an attacker hide an ambiguous second HTTP request inside a single HTTP request, bypassing a website's security controls to gain unauthorized access to sensitive data and perform malicious activities.
Request Smuggler is a great tool based on the amazing research by James Kettle. It can help find servers that may be vulnerable to request smuggling.
Installation on Linux
1. You can install it from a release.
2. Install from source code (Rust should be installed):
git clone https://github.com/Sh1Yo/request_smuggler
cd request_smuggler
cargo build --release
3. Using cargo install:
cargo install request_smuggler --version 0.1.0-alpha.2
Installation on Mac
1. From source code (Rust should be installed):
git clone https://github.com/Sh1Yo/request_smuggler
cd request_smuggler
cargo build --release
2. Using cargo install:
cargo install request_smuggler --version 0.1.0-alpha.2
Installation on Windows
You need to install it from a release.
Usage
Have a look at the usage:
USAGE:
    request_smuggler [OPTIONS] --url

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --amount-of-payloads    low/medium/all [default: low]
    -t, --attack-types
            [ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: "ClTeTime" "TeClTime"]
        --file
            send request from a file
            you need to explicitly pass \r\n at the end of the lines
    -H, --header                Example: -H 'one:one' 'two:two'
    -X, --method                [default: POST]
    -u, --url
    -v, --verbose
            0 - print detected cases and errors only,
            1 - print first line of server responses
            2 - print requests [default: 0]
        --verify                how many times verify the vulnerability [default: 2]
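
The ClTe and TeCl attack types in the option list refer to a front end and a back end disagreeing over whether Content-Length or Transfer-Encoding frames the request body. As an added example (not part of Request Smuggler or the original post), this Python check flags header blocks that a strict front end can reject as ambiguous; the function name and the sample requests are constructed for illustration.

```python
# Added example, not part of Request Smuggler: flag ambiguous request framing.
import re

TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # valid header field-name

def framing_issues(raw: bytes) -> list[str]:
    """Return the reasons a strict front end could reject this header block."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    issues = []
    if re.search(rb"(?<!\r)\n", head):
        issues.append("bare LF line ending")
    lengths, encodings = [], []
    for line in re.split(rb"\r?\n", head)[1:]:  # [1:] skips the request line
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.fullmatch(name):
            # Covers "Transfer-Encoding : chunked", folded lines, stray bytes.
            issues.append(f"malformed header line: {line!r}")
        key = name.strip().lower()
        if key == b"content-length":
            lengths.append(value.strip())
        elif key == b"transfer-encoding":
            encodings.append(value.strip().lower())
    if lengths and encodings:
        issues.append("both Content-Length and Transfer-Encoding present")
    if len(set(lengths)) > 1:
        issues.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in lengths):
        issues.append("non-numeric Content-Length")
    if encodings and encodings != [b"chunked"]:
        issues.append("unexpected Transfer-Encoding value")
    return issues

# Constructed sample requests (host and paths are placeholders).
SAMPLES = {
    "clean": b"POST /search HTTP/1.1\r\nHost: app.example\r\n"
             b"Content-Length: 3\r\n\r\nq=1",
    "cl_and_te": b"POST /search HTTP/1.1\r\nHost: app.example\r\n"
                 b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "space_before_colon": b"POST / HTTP/1.1\r\nHost: app.example\r\n"
                          b"Transfer-Encoding : chunked\r\n\r\n0\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, framing_issues(request) or "ok")
```

A request that carries both headers is flagged even when, as in the sample, they agree on the body length, because the risk comes from two servers choosing different headers.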
That's all. Thanks for reading. 🙂