defparam / smuggler

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
MIT License

[Portswigger Lab] Bug instance not recognized #15

Open ghost opened 4 years ago

ghost commented 4 years ago

Hi, thanks for the great tool!

I was playing with this Portswigger lab https://portswigger.net/web-security/request-smuggling/lab-ofuscating-te-header and I saw that this tool is not able to identify it as vulnerable, while the Burp HTTP Request Smuggling extension is successful.

Is it something related to how the Portswigger lab emulates RS, or could there be ways to actually improve this tool?

Thanks again!

shelld3v commented 4 years ago

WOAH, it's unbelievable! The fact is so unacceptable 🤣 But of course, there is maybe another fact: that you may have used Smuggler the wrong way. Need confirmation from @defparam: did you get the same result when testing with the Portswigger lab?