HTTP Request Smuggling Vulnerability Scanner with Request Smuggler

  • Jun 29, 2022
  • Article ยท 3 min
  • 633 words

HRS (Request Smuggling Vulnerability) vulnerability allows an attacker to smuggle an ambiguous HTTP request as a second request in one single HTTP request to bypass the security controls of a website and gain access to unauthorized sensitive data and performs malicious activities.

Request Smuggler is a great tool based on the amazing research by James Kettle. The tool can help to find servers that may be vulnerable to request smuggling vulnerability.

Table of Contents

Installation on Linux

1. You can install it from release.

2. Install from source code (rust should be installed):

git clone https://github.com/Sh1Yo/request_smuggler
cd request_smuggler
cargo build --release

3. Using cargo install:

cargo install request_smuggler --version 0.1.0-alpha.2

Installation on Mac

1. From source code (rust should be installed):

git clone https://github.com/Sh1Yo/request_smuggler
cd request_smuggler
cargo build --release

2. Using cargo install:

cargo install request_smuggler --version 0.1.0-alpha.2

Installation on Windows

You need to install it from release.

Usage

Have a look at the usage:

USAGE:
    request_smuggler [OPTIONS] --url 

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --amount-of-payloads     low/medium/all [default: low]
    -t, --attack-types 
            [ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: "ClTeTime" "TeClTime"]

        --file 
            send request from a file
            you need to explicitly pass \r\n at the end of the lines
    -H, --header                            Example: -H 'one:one' 'two:two'
    -X, --method                              [default: POST]
    -u, --url 
    -v, --verbose 
            0 - print detected cases and errors only,
            1 - print first line of server responses
            2 - print requests [default: 0]
        --verify                             how many times verify the vulnerability [default: 2]

That's all. Thanks for reading. ๐Ÿ™‚

Hacking and Security

Software Engineer | Ethical Hacker & Cybersecurity...

Md Obydullah is a software engineer and full stack developer specialist at Laravel, Django, Vue.js, Node.js, Android, Linux Server, and Ethichal Hacking.

Similar Stories

Prevent Cross-Site Scripting (XSS) in PHP Applications

article
Random Stories

Concurrency in Computer Science with Example

article

What is the Difference Between React Fragment & Array and When to Use

article

How to Use map() in React Application

article

JavaScript How to Replace Words in a String

article

React Update State onChange in an Array of Objects using React Hooks

article