Video wird geladen...

Video konnte nicht geladen werden

Zur Startseite

HTTP Request Smuggling Lab Walkthrough: Confirming a CL.TE vulnerability via differential responses. How to identify CLTE Vulnerabilities: 1. Send request to repeater 2. Downgrade protocol to HTTP/1.1 3. Disable "Update Content-Length" 4. Set Content-Length to 6 5. Add "Transfer-Encoding: chunked" heading 6. Send a chunk with an invalid chunk...

WebSecAcademy's profile picture

Web Security Academy

135,682 subscribers

26,242 Aufrufe • vor 1 Jahr •via X (Twitter)

Wissenschaft & TechnologieBildung
LIVE

Anya Rossi• Live Now

Private livecam show

2 Kommentare

Profilbild von A_dude
A_dudevor 1 Jahr

What's the impact pls?

Profilbild von SecBriefs | Making Cybersecurity Simple
SecBriefs | Making Cybersecurity Simplevor 1 Jahr

🧠Studying for #CompTIA #Security+ but struggling with #Cybersecurity terms?🔍 Cybersecurity Dictionary for Everyone covers everything you need to know and is available on Amazon!🔐 🚀Boost your Security+ prep with it today!💡

Ähnliche Videos

How to manually check for CL.TE Request Smuggling Vulnerabilities: 1️⃣ See if a GET request accepts POST 2️⃣ See if it accepts HTTP/1 3️⃣ Disable "Update Content-Length" 4️⃣ Send with CL & TE headers: POST / HTTP/1.1 Host: Content-Length: 6 Transfer-Encoding: chunked 0 G 5️⃣ Send request twice. If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability! Try this out for yourself in our CL.TE lab:
0:30

How to manually check for CL.TE Request Smuggling Vulnerabilities: 1️⃣ See if a GET request accepts POST 2️⃣ See if it accepts HTTP/1 3️⃣ Disable "Update Content-Length" 4️⃣ Send with CL & TE headers: POST / HTTP/1.1 Host: Content-Length: 6 Transfer-Encoding: chunked 0 G 5️⃣ Send request twice. If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability! Try this out for yourself in our CL.TE lab:

Web Security Academy

27,902 Aufrufe • vor 10 Monaten

What is HTTP Downgrading, why use it, and how does it work? HTTP/2 is default for most web apps these days, however, it's not uncommon for backend servers to still use HTTP/1.1 causing parsing mismatches between frontend and backend. And that's where HTTP downgrading comes in! But what is it? HTTP downgrading is the process of forcing a request to be processed under HTTP/1.1 instead of HTTP/2. This allows you to manipulate how the frontend and backend servers interpret requests and exploit vulnerabilities unique to HTTP/1.1 parsing such as Content-Length Transfer-Encoding (CL.TE) attacks. How to downgrade HTTP/2 to HTTP/1.1 using Burp Suite 1️⃣ Open Burp Suite and Navigate to Proxy → HTTP History 2️⃣ Locate the request that is currently using HTTP/2. 3️⃣ Send the Request to Repeater 4️⃣ In the Repeater tab, open the "Inspector" panel → Request Attributes → Protocol 5️⃣ Change HTTP Version to HTTP/1.1 6️⃣ Click "Send" in Repeater. If successful, you should receive a valid response, confirming the server accepts HTTP/1.1. And that's it! You've just downgraded the HTTP protocol and confirmed that the frontend server accepts HTTP/1.1! 🥳 You are now ready to smuggle requests! If you want to learn how to exploit this, we've got a Web Academy Lab you need to check out: Thanks for reading! #requestsmuggling #cybersecurity #BurpSuite #hacking #infosec
0:28

What is HTTP Downgrading, why use it, and how does it work? HTTP/2 is default for most web apps these days, however, it's not uncommon for backend servers to still use HTTP/1.1 causing parsing mismatches between frontend and backend. And that's where HTTP downgrading comes in! But what is it? HTTP downgrading is the process of forcing a request to be processed under HTTP/1.1 instead of HTTP/2. This allows you to manipulate how the frontend and backend servers interpret requests and exploit vulnerabilities unique to HTTP/1.1 parsing such as Content-Length Transfer-Encoding (CL.TE) attacks. How to downgrade HTTP/2 to HTTP/1.1 using Burp Suite 1️⃣ Open Burp Suite and Navigate to Proxy → HTTP History 2️⃣ Locate the request that is currently using HTTP/2. 3️⃣ Send the Request to Repeater 4️⃣ In the Repeater tab, open the "Inspector" panel → Request Attributes → Protocol 5️⃣ Change HTTP Version to HTTP/1.1 6️⃣ Click "Send" in Repeater. If successful, you should receive a valid response, confirming the server accepts HTTP/1.1. And that's it! You've just downgraded the HTTP protocol and confirmed that the frontend server accepts HTTP/1.1! 🥳 You are now ready to smuggle requests! If you want to learn how to exploit this, we've got a Web Academy Lab you need to check out: Thanks for reading! #requestsmuggling #cybersecurity #BurpSuite #hacking #infosec

Web Security Academy

62,622 Aufrufe • vor 1 Jahr

Here's how to deliver reflected XSS through a HTTP request smuggling vulnerability! 👇 Try this Practitioner lab now:
0:51

Here's how to deliver reflected XSS through a HTTP request smuggling vulnerability! 👇 Try this Practitioner lab now:

Web Security Academy

45,999 Aufrufe • vor 2 Monaten

Want to find HTTP Request Smuggling vulns without manually crafting weird requests? Check out HTTP Request Smuggler, a Burp Suite extension that automates it for you! Learn more:
3:15

Want to find HTTP Request Smuggling vulns without manually crafting weird requests? Check out HTTP Request Smuggler, a Burp Suite extension that automates it for you! Learn more:

Web Security Academy

11,696 Aufrufe • vor 1 Jahr

How did I test the IDOR vulnerability that leads to all user Data leakage? 1:Change the /me endpoint to /users. 2.Change the GET method to the POST method. 3.Add the Content-Type: application/json header. 4.Add this payload to the HTTP request body. {"ids":["1"]} #bugbountytips
0:58

How did I test the IDOR vulnerability that leads to all user Data leakage? 1:Change the /me endpoint to /users. 2.Change the GET method to the POST method. 3.Add the Content-Type: application/json header. 4.Add this payload to the HTTP request body. {"ids":["1"]} #bugbountytips

Aydin Naserifard

41,413 Aufrufe • vor 3 Jahren

Supabase now provides a free easy-to-use corn job scheduler! Configure the job from the dashboard and set it to send an HTTP request or call a database or edge function periodically! View the history of the past jobs that it ran so that you can debug when something goes wrong!
0:34

Supabase now provides a free easy-to-use corn job scheduler! Configure the job from the dashboard and set it to send an HTTP request or call a database or edge function periodically! View the history of the past jobs that it ran so that you can debug when something goes wrong!

Tyler Shukert

24,244 Aufrufe • vor 1 Jahr

Telcos can send monthly bill payment requests via ISO 20022 request-to-pay. Customers just click the link in the message to auto-populate the remittance info from the original request and transfer the funds. Learn about the benefits of ISO 20022 at
0:46

Telcos can send monthly bill payment requests via ISO 20022 request-to-pay. Customers just click the link in the message to auto-populate the remittance info from the original request and transfer the funds. Learn about the benefits of ISO 20022 at

20022 Labs

27,760 Aufrufe • vor 1 Jahr

Supabase provides a free, easy-to-use cron job scheduler! Configure the job from the dashboard and set it to send an HTTP request or call a database or edge function periodically! View the history of the past jobs that it ran so that you can debug when something goes wrong!
0:34

Supabase provides a free, easy-to-use cron job scheduler! Configure the job from the dashboard and set it to send an HTTP request or call a database or edge function periodically! View the history of the past jobs that it ran so that you can debug when something goes wrong!

Tyler Shukert

23,289 Aufrufe • vor 1 Jahr

Daily testnet interactions on Arc 🪂 1. Arc Pay-Link - go to: - Create a link to request testnet USDC - Add your wallet and the amount you want - Share the link with anyone - they click and send you the USDC 2. Veero - go to: • Save a wallet as a contact for recurring payments • Pick a contact • Enter amount • Send send usdc to your saved contacts anytime. 3. Mint arc × omnihub NFT:
1:00

Daily testnet interactions on Arc 🪂 1. Arc Pay-Link - go to: - Create a link to request testnet USDC - Add your wallet and the amount you want - Share the link with anyone - they click and send you the USDC 2. Veero - go to: • Save a wallet as a contact for recurring payments • Pick a contact • Enter amount • Send send usdc to your saved contacts anytime. 3. Mint arc × omnihub NFT:

Big-Abdul

15,990 Aufrufe • vor 2 Monaten

How to Find Path Delimiter Issues with Burp Suite Intruder Sometimes web servers treat special characters (like ; or ?) differently in URLs. This can lead to security issues like web cache deception or access control problems. Here's how you can test for path delimiter discrepancies: 1️⃣ Capture the Request Find a request you want to test GET /my-account HTTP/2 2️⃣ Right click the request and "Send to Intruder". In Intruder, highlight add a new position after /my-account followed by abc. It should look like this: GET /my-account§§abc HTTP/2 Attack Type = Sniper (only changing one spot). Payload: Paste a list of special characters, like this: ! # $ % & ' ( ) * + , - . / : ; = ? @ [ \ ] _ ~ ... A full list of delimiters can be found here: 3️⃣ Start the Attack Press Start Attack. Look at the Status, Length, and Response columns. Watch for differences (like bigger/smaller pages, changes to status code or different behavior) and if you notice something different then you've likely found a delimiter discrepancy! 🎉 Why is this important? When special characters confuse the server or cache, you might find: 🔸 Web cache deception: Caching personal pages by accident 🔸 Access bypass: Skipping security checks 🔸 Leaked info: Seeing data you shouldn't Try this lab for yourself and dive even deeper into how to exploit this when you find it: #BugBounty #WebSecurity #BurpSuite #EthicalHacking #Cybersecurity
0:27

How to Find Path Delimiter Issues with Burp Suite Intruder Sometimes web servers treat special characters (like ; or ?) differently in URLs. This can lead to security issues like web cache deception or access control problems. Here's how you can test for path delimiter discrepancies: 1️⃣ Capture the Request Find a request you want to test GET /my-account HTTP/2 2️⃣ Right click the request and "Send to Intruder". In Intruder, highlight add a new position after /my-account followed by abc. It should look like this: GET /my-account§§abc HTTP/2 Attack Type = Sniper (only changing one spot). Payload: Paste a list of special characters, like this: ! # $ % & ' ( ) * + , - . / : ; = ? @ [ \ ] _ ~ ... A full list of delimiters can be found here: 3️⃣ Start the Attack Press Start Attack. Look at the Status, Length, and Response columns. Watch for differences (like bigger/smaller pages, changes to status code or different behavior) and if you notice something different then you've likely found a delimiter discrepancy! 🎉 Why is this important? When special characters confuse the server or cache, you might find: 🔸 Web cache deception: Caching personal pages by accident 🔸 Access bypass: Skipping security checks 🔸 Leaked info: Seeing data you shouldn't Try this lab for yourself and dive even deeper into how to exploit this when you find it: #BugBounty #WebSecurity #BurpSuite #EthicalHacking #Cybersecurity

Web Security Academy

18,124 Aufrufe • vor 1 Jahr

Headed to Storrs to send off UConn Men's Basketball to the Final Four with an insane request for @DHurley15 Barstool Sports
2:06

Headed to Storrs to send off UConn Men's Basketball to the Final Four with an insane request for @DHurley15 Barstool Sports

Mike Mutnansky

281,224 Aufrufe • vor 2 Monaten

California asked the Trump Administration back in February to request relief from Congress for the Los Angeles fires. Nearly 11 months later, Trump has failed to send Congress that request — and his FEMA won't even schedule a meeting to discuss it.
0:57

California asked the Trump Administration back in February to request relief from Congress for the Los Angeles fires. Nearly 11 months later, Trump has failed to send Congress that request — and his FEMA won't even schedule a meeting to discuss it.

Governor Gavin Newsom

136,469 Aufrufe • vor 6 Monaten

BREAKING: 🇫🇷🇺🇸 France has rejected a request from Donald Trump and says it will not send warships to the Strait of Hormuz.
0:26

BREAKING: 🇫🇷🇺🇸 France has rejected a request from Donald Trump and says it will not send warships to the Strait of Hormuz.

War Radar

13,727 Aufrufe • vor 3 Monaten

What is happening in Los Angeles is not normal. It is not normal to send in the National Guard without a request from the governor. It is not normal to conduct indiscriminate raids on our immigrant population. Let LA return to normal. Get the National Guard out.
0:48

What is happening in Los Angeles is not normal. It is not normal to send in the National Guard without a request from the governor. It is not normal to conduct indiscriminate raids on our immigrant population. Let LA return to normal. Get the National Guard out.

Mayor Karen Bass

857,051 Aufrufe • vor 11 Monaten

#CommandYourDay with Rorisangt as we lift our spirits up with a song. Send us a voice note and request a song on the Mighty METRO
0:25

#CommandYourDay with Rorisangt as we lift our spirits up with a song. Send us a voice note and request a song on the Mighty METRO

METROFM SABC

13,603 Aufrufe • vor 2 Jahren

Introducing Prompt Request You can now send prompt request and maintainer can accept it and run it with an agent
0:39

Introducing Prompt Request You can now send prompt request and maintainer can accept it and run it with an agent

Beka

23,591 Aufrufe • vor 4 Monaten

Train your entire life to be a pro footballer and get shouted at by this absolute attention seeker. Send a transfer request lads
1:11

Train your entire life to be a pro footballer and get shouted at by this absolute attention seeker. Send a transfer request lads

Tom 🦉

1,456,651 Aufrufe • vor 1 Monat

This is the state of few new breed of so called educated liberal Bong girls, insulting Rabindra Nath Tagore and the National Anthem. Request Kolkata Police to have a look at this video, and if possible send these girls to rehabilitation center.
0:29

This is the state of few new breed of so called educated liberal Bong girls, insulting Rabindra Nath Tagore and the National Anthem. Request Kolkata Police to have a look at this video, and if possible send these girls to rehabilitation center.

Oxomiya Jiyori 🇮🇳

414,556 Aufrufe • vor 3 Jahren

🔥POWERFUL! Stephen Miller just EXPOSED just how EVIL Democrats are in these sanctuary cities and he's SPOT ON! "ICE will then send what's called a detainer request or a hold request and will say, don't release this person, hand them over to ICE, and we'll remove this child predator from our community." "Instead, these sanctuary Mayors will order the Police Department to ignore the federal request to set them free out of the jail, out of the prison, and they will go back into the community, and then they will reoffend." "They will hurt another little girl. They will hurt another little boy. And then ICE has to spend weeks trying to scouring the community to find this public safety threat."
1:42

🔥POWERFUL! Stephen Miller just EXPOSED just how EVIL Democrats are in these sanctuary cities and he's SPOT ON! "ICE will then send what's called a detainer request or a hold request and will say, don't release this person, hand them over to ICE, and we'll remove this child predator from our community." "Instead, these sanctuary Mayors will order the Police Department to ignore the federal request to set them free out of the jail, out of the prison, and they will go back into the community, and then they will reoffend." "They will hurt another little girl. They will hurt another little boy. And then ICE has to spend weeks trying to scouring the community to find this public safety threat."

Gunther Eagleman™

36,358 Aufrufe • vor 10 Monaten