PortSwigger / http-request-smuggler

https://portswigger.net/blog/http-desync-attacks

Launch Smuggle Attack only loads TL-CE.py #13

Closed 6r0k3d closed 5 years ago

6r0k3d commented 5 years ago

Hey, I tried looking in the docs to see if there was a way to change this; apologies if I missed it.

Working through the labs and was testing out the CE-TL and couldn't figure out why it wasn't returning a 404. Finally realized the smuggle attack option from Repeater defaults to the TL-CE.py script. To use CE-TL I had to manually copy-paste in the source from the repo.

Is that the current expected behavior? Is there a way to switch through Burp?

albinowax commented 5 years ago

In the initial release of HTTP Request Smuggler, it scans the request to identify whether it should be CE-TL or TE-CL. This wasn't super reliable, so if you get the updated version released yesterday, you'll find you always have both options.

6r0k3d commented 5 years ago

Ah dope! Worked out of the box this time too, looking forward to testing on bounties!