00 — Overview

HTTP Request Smuggling

When a proxy and a backend disagree on where one HTTP request ends and the next begins, an attacker can slip a hidden request between them. Learn CL.TE and TE.CL desync, cache poisoning, and how Cloudflare got smuggled in 2019.

Advanced · 45 min · 6 tasks
// By the end of this module
Explain the CL.TE and TE.CL desync models and what causes them
Craft a smuggled request using a Content-Length and Transfer-Encoding conflict
Reach internal admin endpoints by smuggling a hidden request prefix
Poison a shared cache by smuggling a crafted response into the pipeline
// Prerequisites
Complete these before starting this module for the best experience.