PortSwigger / http-request-smuggler

https://portswigger.net/blog/http-desync-attacks

Clicking HTTP Request Smuggler: unable to load Turbo Intruder. Burp Suite 2022.2.2 #51

Closed ltfafei closed 1 year ago

ltfafei commented 2 years ago

Hello,

Clicking HTTP Request Smuggler: unable to load Turbo Intruder. Burp Suite 2022.2.2

tobmay commented 1 year ago

Same issue here: the Turbo Intruder window never opens (for probing).

This happens for "HTTP Request Smuggler -> Smuggle Probe" and all other probes in this menu. However, it does open Turbo Intruder for a manipulated request (e.g. POST, chunked transfer encoding), such that "HTTP Request Smuggler -> Smuggle Attack (CE.TL)" (and "Smuggle Attack (CE.TL)") appear in the menu.

Both extensions were installed via the BApp Store after a fresh installation of Burp Suite.

Update: "Smuggle Probe" shows results in Logger

The Logger shows all requests & responses as if launched by Turbo Intruder. It can support drawing conclusions, but this is not the intended behaviour, right?

Update: test with "Launch all scans" shows plugin output/error

Tested with the "HTTP request smuggling, obfuscating the TE header" lab:

The output / error logs of "HTTP Request Smuggler" are attached (copied ~10 min after launching the scans):

albinowax commented 1 year ago

Probes and scans are not expected to launch a Turbo Intruder window, as they're fully automatic. Connection errors are also expected, due to the payloads sent by the scans. If a scan detects any vulnerabilities, they will be reported as scanner issues (if you're using Pro) or printed in the extension output (if you're on Community).

tobmay commented 1 year ago

Awesome, thanks a lot for the clarifications.