HTTP Request Smuggler

This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks, originally created during HTTP Desync Attacks research. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you.

Install

The easiest way to install this is in Burp Suite, via Extender -> BApp Store.
If you prefer to load the jar manually, in Burp Suite (community or pro), use Extender -> Extensions -> Add to load build/libs/http-request-smuggler-all.jar

Compile

Turbo Intruder is a dependency of this project, add it to the root of this source tree as turbo-intruder-all.jar
Build with gradle fatJar

Use

Right click on a request and click 'Launch Desync probe', then watch the extension's output pane under Extender->Extensions->HTTP Request Smuggler
If you're using Burp Pro, any findings will also be reported as scan issues.
For more advanced use watch the video.

Source: Github

HTTP Request Smuggler - Extension For Burp Suite Designed To Help You Launch HTTP Request Smuggling Attacks

HTTP Request Smuggler

Install

Compile

Use

Leave a Comment

No comments

Random Posts

Follow Us

facebook wall

Recent Comments

Popular Posts

Tags

Blog Archive

Adf.ly Ads

Recent Posts

Random Posts

Popular Posts

HTTP Request Smuggler - Extension For Burp Suite Designed To Help You Launch HTTP Request Smuggling Attacks

HTTP Request Smuggler

Install

Compile

Use

Related Posts

Leave a Comment

No comments

Random Posts

Follow Us

facebook wall

Recent Comments

Popular Posts

Tags

Blog Archive

Adf.ly Ads

Recent Posts

Random Posts

Popular Posts