Closed 6r0k3d closed 5 years ago
In the initial release of HTTP Request Smuggler, it scans the request to identify whether it should be CE-TL or TE-CL. This wasn't super reliable so if you get the updated version released yesterday, you'll find you always have both options.
Ah dope! Worked out of the box this time too, looking forward to testing on bounties!
Hey I tried looking in the docs to see if there was a way to change this, apologies if I missed it-
Working through the labs and was testing out the CE-TL and couldnt figure out why it wasn't returning a 404. Finally realized the smuggle attack option from repeater defaults to the TL-CE.py script. To use CE-TL I had to manually copy paste in the source from the repo.
Is that the current expected behavior? Is there a way to switch through Burp?