HTTP Request Smuggling (CWE-444)

HTTP Request Smuggling Cheat Sheet

Vulnerability Summary

HTTP Request Smuggling is a desynchronization vulnerability that occurs when a front-end server (reverse proxy, load balancer, CDN) and a back-end server disagree on where one HTTP request ends and the next begins. By manipulating the Content-Length (CL) and Transfer-Encoding (TE) headers, or by exploiting HTTP/2-to-HTTP/1.1 downgrades, an attacker can smuggle a hidden request past the front-end so that only the back-end processes it.

🔍 1. Discovery & Identification

To identify Request Smuggling, we must observe how the front-end and back-end handle ambiguous requests using either the Content-Length (CL) or Transfer-Encoding (TE) headers.

💡 Tip: Always use tools like Burp Suite's "HTTP Request Smuggler" extension to automate discovery. Check for CL.TE first to avoid poisoning the socket for other users.

Detecting CL.TE (Front-end uses CL, Back-end uses TE)

The front-end honours Content-Length: 4 and forwards only the four body bytes (1, CRLF, Z). If the back-end instead honours Transfer-Encoding: chunked, it reads 1 as the chunk size and Z as the chunk data, then waits for the next chunk (the 0 terminator), which never arrives. A response timeout therefore indicates a CL.TE vulnerability.

POST /about HTTP/1.1
Host: example.com
Transfer-Encoding: chunked
Content-Length: 4

1
Z
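To make the disagreement concrete, here is an added example (not code from the cheat sheet): it frames the probe above once as a Content-Length parser would and once as a Transfer-Encoding: chunked parser would, and applies the RFC 7230 section 3.3.3 rule a front-end should follow when a message carries both headers (chunked wins, and the ambiguous message should be rejected rather than forwarded). The request bytes are constructed from the probe; the function and class names are my own.

```python
# Added example (not the cheat sheet's own code): frame one raw HTTP/1.1
# request the way a Content-Length parser and a chunked parser each would,
# and apply the RFC 7230 section 3.3.3 rule for messages carrying both headers.
from dataclasses import dataclass

# Constructed from the CL.TE timing probe shown above (CRLF line endings).
PROBE = (
    b"POST /about HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Content-Length: 4\r\n"
    b"\r\n"
    b"1\r\n"
    b"Z"
)


@dataclass
class Framing:
    body: bytes      # bytes this parser treats as the request body
    complete: bool   # False means the parser is still waiting for more bytes
    leftover: bytes  # bytes the parser would hand to the *next* request


def split_head(raw: bytes):
    """Return (request line, lower-cased header dict, bytes after the blank line)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest


def frame_by_content_length(raw: bytes) -> Framing:
    """How a server that trusts Content-Length delimits the body."""
    _, headers, rest = split_head(raw)
    n = int(headers.get(b"content-length", b"0"))
    return Framing(body=rest[:n], complete=len(rest) >= n, leftover=rest[n:])


def frame_by_chunked(raw: bytes) -> Framing:
    """How a server that trusts Transfer-Encoding: chunked delimits the body."""
    _, _, rest = split_head(raw)
    body, pos = b"", 0
    while True:
        eol = rest.find(b"\r\n", pos)
        if eol == -1:                      # chunk-size line has not arrived yet
            return Framing(body, False, b"")
        size = int(rest[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:                      # last chunk: expect CRLF (trailers ignored)
            end = rest.find(b"\r\n", pos)
            if end == -1:
                return Framing(body, False, b"")
            return Framing(body, True, rest[end + 2:])
        if len(rest) < pos + size + 2:     # chunk data or its CRLF still missing
            return Framing(body + rest[pos:pos + size], False, b"")
        body += rest[pos:pos + size]
        pos += size + 2


def choose_framing(headers: dict) -> str:
    """Front-end policy per RFC 7230 section 3.3.3: chunked overrides
    Content-Length, and a message carrying both is treated as a smuggling
    attempt and rejected instead of being forwarded downstream."""
    has_cl = b"content-length" in headers
    has_te = b"chunked" in headers.get(b"transfer-encoding", b"").lower()
    if has_cl and has_te:
        return "reject"
    if has_te:
        return "chunked"
    if has_cl:
        return "content-length"
    return "none"


def inspect(raw: bytes) -> dict:
    """Both framings of one request plus the policy decision, side by side."""
    _, headers, _ = split_head(raw)
    return {
        "cl": frame_by_content_length(raw),
        "te": frame_by_chunked(raw),
        "policy": choose_framing(headers),
    }


if __name__ == "__main__":
    result = inspect(PROBE)
    print("CL view :", result["cl"])       # complete=True, body b'1\r\nZ'
    print("TE view :", result["te"])       # complete=False, still waiting for the 0 chunk
    print("policy  :", result["policy"])   # 'reject'
```

The CL view reports the request as complete, so a Content-Length front-end forwards it and returns to idle; the TE view reports it as incomplete, which is exactly the hang the timing probe relies on. The policy function is the front-end fix: a proxy that refuses (or at minimum normalises, dropping Content-Length) any message carrying both headers never puts the two parsers in disagreement.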
