In this test we manually check whether the requests sent between your web application and back-end servers can be interfered with.
We modify the request by manipulating the Content-Length and Transfer-Encoding headers to check if it is possible to send a second request in the first request’s body.
This vulnerability can enable a user to gain privileges, execute unauthorized commands, bypass security controls and modify data.
We use different scenarios to identify HTTP request smuggling vulnerabilities:
The front-end server uses the Content-Length header and the back-end server uses the Transfer-Encoding header.
The front-end server uses the Transfer-Encoding header and the back-end server uses the Content-Length header.
The front-end and back-end servers both support the Transfer-Encoding header, but one of the servers can be induced not to process it by obfuscating the header.
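A defensive check for the three header combinations listed above, as an added example that is not part of the original page or of the service's own tooling: it inspects the raw header block of a request and lists every reason a front-end and a back-end server could disagree about where the body ends. The function name `framing_issues`, the strict "only plain chunked" policy and the sample requests are assumptions constructed for illustration.

```python
import re

def framing_issues(raw_head: bytes) -> list[str]:
    """List reasons the body framing of a request is ambiguous.

    raw_head: request line and headers, without the terminating blank line.
    """
    issues, cl, te = [], [], []
    if re.search(rb"(?<!\r)\n", raw_head):
        issues.append("bare LF line ending")
    for line in raw_head.split(b"\r\n")[1:]:        # skip the request line
        if line[:1] in (b" ", b"\t"):
            issues.append("folded (continuation) header line")
            continue
        name, _, value = line.partition(b":")
        canon = name.strip().lower()
        if canon not in (b"content-length", b"transfer-encoding"):
            continue
        if name != name.strip():
            # Some parsers accept "Transfer-Encoding : chunked", others ignore it.
            issues.append("whitespace in header name %r" % name.decode("latin-1"))
        (cl if canon == b"content-length" else te).append(value.strip(b" \t"))
    if cl and te:
        issues.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        issues.append("conflicting Content-Length values")
    if any(not re.fullmatch(rb"[0-9]+", v) for v in cl):
        issues.append("non-numeric Content-Length")
    if len(te) > 1:
        issues.append("multiple Transfer-Encoding headers")
    # Strict policy (an assumption of this example): only a plain "chunked" is accepted.
    if any(v.lower() != b"chunked" for v in te):
        issues.append("Transfer-Encoding is not exactly 'chunked'")
    return issues

# Constructed sample header blocks, one per case.
SAMPLES = {
    "clean": b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5",
    "cl_and_te": b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\nTransfer-Encoding: chunked",
    "obfuscated_te": b"POST /a HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding : xchunked",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, framing_issues(head))
```

A request that returns a non-empty list is one a proxy or application server can reject outright instead of forwarding.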
The report will include the details of the testing and analysis of any HTTP request smuggling vulnerabilities found in your web application.
Based on the findings from our extensive tests, the report will provide recommendations on how to fix the HTTP request smuggling vulnerabilities.