RedTeam
3.Web-Hacking
4.Injection
HTTP-Request
HTTP Request Smuggling

https Request smuggling

  • Set request to http 1.1

  • Set request to post

  • Insert Transfer-Encoding

    • Try
      • Transfer-Encoding: chunked
      • Transfer-Encoding : chunked
      • Transfer-Encoding: [tab] chunked

  • We are using different header for the transfer encoding because the frontend server might stop the request because it see the transfer encoding header and does remove it or alter it when passed on the backend server, this help passing the request

Forging Mail Header Password ResetCommands