Closed shelld3v closed 4 years ago
Also, sorry if bad English 🌝
Why is there no answer? Did you know how to use it, shelld3v?
I don't know :) But I think I am going to close this thing now since there is no answer. Gonna learn other stuff, hate Request smuggling with this bad response :)
Hey thanks for being patient,
This tool isn't an exploitation tool, it is a recon tool. It simply finds problematic HTTP requests that should be looked into further. It doesn't stage or teach how to stage any desync attacks. It provides you with the payload of the HTTP request that is problematic and you are expected to know how to exploit using Turbo Intruder and other tools.
My intention with this project is not to teach the exploitation of desync attacks, it is just to search for them. However, if you want to take the payload and use it for exploitation, you have to know how to read the payload file using Python in the Turbo Intruder script and issue the attack with the request. This information is out of scope for this project, so I am not covering it here.
OK, @defparam! Is there no other option except staying quiet and not caring about this issue? Very well, then I will close this soon.
Thanks for letting me know :)
To be clear, the point of this tool isn’t to actively exploit hosts. It’s to find potential issues and give you the payload which caused it. It’s not this project’s concern that you don’t know what to do with the payloads it produces and it’s not my mission to teach you how to use Turbo Intruder.
Hi, I just want to confirm, nothing much. First, when Smuggler detects a vulnerability, it will create a file in the /payloads directory that contains the payload:
Now, many bug bounty programs will require us to confirm the vulnerability. If we can't find a way to make the poisoned victim's request give us a signal, one of the only ways is using Turbo Intruder (of course, make sure that the website doesn't have too much traffic at the time; usually, this only happens in subdomains). So how can I test the payload using my Turbo Intruder? I have pasted the request into Burp Repeater, edited the host, and right-clicked. There are 2 options: Smuggle attacker (CL.TE) and Smuggle attacker (TE.CL). I chose the correct option for my request (TE.CL), but something went wrong with my requests in Turbo Intruder. Did I forget something in my steps?
I also want to ask what technique Smuggler uses to detect the vulnerability. Timeout technique, ...? (I think it is using the timeout to detect HTTP request smuggling)