Skip to content

HTTP Request Smuggler

Description

The HTTP Request Smuggler is a go-to Burp extension that allows you to easily detect and exploit web applications for HTTP Request Smuggling. It detects conditions such as CL.TE or TE.CL and reports them directly to Burp Suite’s Dashboard tab, under the Issue Activity menu where all issues are listed.

To use the HTTP Request Smuggler extension, you first need to install the Turbo Intruder extension, which sends a large number of requests to analyze the result.

Steps to Install Turbo Intruder

  1. Start Burp Suite.
  2. Navigate to the Extender tab.
  3. Visit the BApp Store.
  4. Search for Turbo Intruder.
  5. Click Install.

Steps to Install HTTP Request Smuggler

  1. Start Burp Suite.
  2. Navigate to the Extender tab.
  3. Visit the BApp Store.
  4. Search for HTTP Request Smuggler.
  5. Click Install.

References