Closed mwalkowski closed 2 years ago
Thanks for the report. Can you provide the request you're running it on, and a screenshot of the request smuggler configuration?
Thank you for the response.
Request - base64 encoded:
Configuration:
Request screenshot:
Log:
Oooh that looks really bad, thanks I'll fix this ASAP. As a workaround you can delete the text in three settings containing 'filter' - this might fix it.
Did you install this via the bapp store?
> Oooh that looks really bad, thanks I'll fix this ASAP. As a workaround you can delete the text in three settings containing 'filter' - this might fix it.
Thanks, now it's working.
> Did you install this via the bapp store?
Yes
I've pushed a fix, and it'll land in the BApp store version shortly. Massive thanks for reporting this!
Running the Smuggle Probe on lab 1, "HTTP request smuggling, basic CL.TE vulnerability", does not start any tests. In the plugin logs, I only see:
Diagnostic info: