SKILL: HTTP Request Smuggling — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert HTTP desync techniques. Covers CL.TE, TE.CL, TE.TE obfuscation variants, HTTP/2 downgrade and pseudo-header confusion, client-side desync (browser
fetch
pipelines), and tool-assisted fuzzing. Assumes familiarity with raw HTTP/1.1 framing and reverse-proxy topologies. This is not “header injection” — it is message boundary disagreement between hops.

Chinese routing prompt: Load this skill when you suspect that the CDN/reverse proxy and the origin site have inconsistent understanding of the 'request end position', or abnormal splicing occurs when H2 is downgraded to H1.

0. QUICK START

CL.TE first probe (front end respects Content-Length, back end respects chunked encoding)

Prerequisite: The front end prioritizes

Content-Length

, while the back end prioritizes

Transfer-Encoding: chunked

. Use an extremely short CL so that the front end accepts the 'false end', while the back end still parses according to chunked encoding, and the remaining content enters the next request.

http

POST / HTTP/1.1
Host: target.example
Content-Type: application/x-www-form-urlencoded
Content-Length: 13
Transfer-Encoding: chunked

0

SMUGGLED

The front end only reads 13 bytes according to
```
Content-Length: 13
```
(i.e.
```
0\r\n\r\nSMUGGLED
```
totals 13 bytes) and considers the request ended.
The back end follows chunked encoding rules: after reading the
```
0
```
end chunk, it treats SMUGGLED
and the following content as the starting byte stream of the next request.

TE.CL first probe (front end respects chunked encoding, back end respects Content-Length)

Prerequisite: The front end parses chunked encoding, while the back end only reads

Content-Length

. Make CL exactly equal to the number of bytes in the chunk length line (usually

: two hexadecimal length characters +

\r\n

), the back end only accepts the length line, and the remaining chunk data and terminator remain on the connection for splicing with subsequent messages.

Embed the second request in the chunk (all line ends are CRLF;

is the hexadecimal chunk length = 53 bytes):

http

POST / HTTP/1.1
Host: target.example
Content-Type: application/x-www-form-urlencoded
Content-Length: 4
Transfer-Encoding: chunked

35
GET /admin HTTP/1.1
Host: target.example
Foo: x

0

The chunk body on the wire must be exactly 53 bytes; if you modify the path/headers, recalculate the chunk length and modify the hexadecimal length line accordingly.

Safety note

Test only within the authorized scope; concurrent smuggling may lead to connection pool pollution, cache corruption, or impact on traffic of other tenants. Prioritize isolated environments or low-traffic windows.

1. CORE CONCEPT

Definition: Two (or more) HTTP processing entities have inconsistent judgments on "where the first request ends and where the second request starts" in the same TCP/TLS stream, resulting in an attacker smuggling part or all of another request in one "logical request".

  Client          Front (proxy/WAF)              Back (origin)
     |                     |                            |
     |==== Request A+B ===>|                            |
     |                     | parses boundary #1         | parses boundary #2
     |                     |         \                  |         /
     |                     |          different split points
     |                     |                            |
     v                     v                            v
                   Request A (seen)              Request A' + smuggled B

Difference from CRLF injection: CRLF injection mostly occurs in responses or header lines; smuggling targets the differences in implementations of RFC 7230 message framing (

Content-Length

chunked

High-impact consequences: Bypassing WAF rules (the smuggled content is not in the front end's "request"), hijacking requests of other users on the same-origin connection (request queue pollution), assisting cache poisoning, and breaking authentication boundaries.

2. CL.TE VULNERABILITIES

Pattern: The front end uses Content-Length
as the standard; the back end uses Transfer-Encoding: chunked
as the standard.

Precise example (consistent with §0):

Content-Length: 13

and

Transfer-Encoding: chunked

exist at the same time, the body is:

text

0\r\n\r\nSMUGGLED

Byte count:

\r\n

\r\n

SMUGGLED

= 13.

Back end perspective: The chunked stream ends at

0\r\n\r\n

; if

SMUGGLED

conforms to

METHOD SP

or a legal start, it becomes the prefix of the smuggled request line.

Parameter adjustment: If the target is sensitive to duplicate headers, case, and spaces, fine-tune

Transfer-Encoding

variants (see §4) while maintaining semantics to match the combination of "front end ignores TE, back end executes TE".

3. TE.CL VULNERABILITIES

Pattern: The front end parses chunked; the back end only reads Content-Length
(or uses an overly short CL).

Intent: The front end treats the entire malicious byte stream as the body; the back end only reads the length specified by CL, and the remaining bytes stay in the buffer and are spliced with subsequent legitimate requests.

Complete TE.CL embedded second request (same family as §0;

Content-Length: 4

+ first chunk length line

35\r\n

http

POST / HTTP/1.1
Host: target.example
Content-Type: application/x-www-form-urlencoded
Content-Length: 4
Transfer-Encoding: chunked

35
GET /admin HTTP/1.1
Host: target.example
Foo: x

0

Explanation:

Back end (CL): Only takes 4 bytes from the start of the message body →
```
3
```
```
5
```
```
\r
```
```
\n
```
, considers the body ended; the remaining bytes stay in the TCP read buffer.
Front end (TE): Parses the complete stream according to chunked encoding, forwards or consumes the entire
```
GET /admin...
```
block as part of the body of the first request that has been declared ended (depending on the product), and the inconsistency with the boundary seen by the back end constitutes TE.CL.

For longer smuggling (e.g.

POST

Content-Length: 11

x=1

), the chunk length is about

(hexadecimal

0x76

= 118 bytes), you can still use

Content-Length: 4

to make the back end only read the length line.

Practical points: The chunk length field must be legal hex; the second request needs to meet the target's expectations for Host, path, and session cookie; the time window and connection reuse strategy determine whether it can "hit" another user's request.

4. TE.TE VULNERABILITIES

Pattern: Both the front end and back end claim to handle

Transfer-Encoding

, but have different judgments on which TE value takes effect and whether it is legal → there may still be an equivalent desync where "one end thinks it is not chunked, the other end thinks it is chunked".

The following 8 obfuscation variants are used to detect parsing differences (shown in single line;

\t

represents a real TAB):

http

Transfer-Encoding: xchunked

http

Transfer-Encoding : chunked

http

Transfer-Encoding: chunked
Transfer-Encoding: chunked

http

Transfer-Encoding: x

http

Transfer-Encoding:[TAB]chunked

(Replace

[TAB]

with actual

\x09

http

 Transfer-Encoding: chunked

(One space at the beginning of the line.)

http

X: X
Transfer-Encoding: chunked

(The value of the previous line is

and the next line starts with

Transfer-Encoding

: use line continuation / loose header parsing to make a certain hop merge the two lines or split them incorrectly; there is a single line break

\n

\r\n

between

and

Transfer-Encoding

, test according to the target stack.)

http

Transfer-Encoding
: chunked

(The field name and colon are on different physical lines; some parsers still treat it as legal

Transfer-Encoding: chunked

Strategy: For each pair (front, back), enumerate "which end accepts this variant as

chunked

"; then combine §2/§3 to judge the equivalent CL.TE or TE.CL.

5. HTTP/2 REQUEST SMUGGLING

H2 → H1 Downgrade

Common scenario: Edge supports HTTP/2, origin pull uses HTTP/1.1. If the implementation does not strictly standardize header fields and body boundaries, the following may occur:

Wrong mapping order of pseudo-headers and ordinary headers;
Forbidden headers (such as some
```
Connection
```
combinations) are forwarded incorrectly;
The merging rules of multiple fields with the same name are inconsistent with the origin site.

Pseudo-header / Header Injection Smuggling (Concept Payload)

The attack surface comes from "the downstream H1 parser treats some bytes as the start of a new request". Common construction ideas in research literature and CTF: use field values that are ignored by one layer but treated as literals by another layer, embed content similar to the following in the value:

text

header ignored\r\n\r\nGET / HTTP/1.1\r\nHost: target

Meaning: If a hop leaves the complete string in the "header value", and the next hop has an incorrect split during H1 reorganization, it may start parsing

GET / HTTP/1.1

as a new request at

\r\n\r\n

Testing directions:

Duplication and case of
```
Transfer-Encoding
```
/
```
Content-Length
```
in H2 (H2 requires lowercase, but the translation layer may have errors);
Downgrade behavior when
```
:method
```
and
```
:path
```
contain abnormal characters;
Interaction between tunnel or extended CONNECT and smuggling.

6. CLIENT-SIDE DESYNC

Scenario: The browser's processing of the request body is inconsistent with the middleware/origin site, or use features such as no-cors
+ preflight exemption to send "atypical" messages, triggering queue effects similar to classic CL.TE/TE.CL (depending on the architecture).

HEAD + GET chain: Some stacks have historical defects in the processing of HEAD response bodies, subsequent pipelining or connection reuse; verification needs to be combined with specific browser versions and target proxies.

JavaScript PoC form (illustration: set the body to a raw byte sequence containing

GET

, combined with

no-cors

and credentials):

javascript

fetch("https://target.example/vulnerable", {
  method: "POST",
  mode: "no-cors",
  credentials: "include",
  body: "GET /admin HTTP/1.1\r\nHost: target.example\r\n\r\n"
});

Note: The browser security model will limit readability; success is often manifested as side effects on other requests on the connection or server log/behavior anomalies, rather than directly reading the response. Evaluation needs to be combined with same-origin policy, CORS, and whether it is coordinated with browser extensions or malformed proxies.

7. TOOLS

Tool	Purpose
Burp Suite — HTTP Request Smuggler (BApp Store)	Automated desync detection, common variants, time difference detection
defparam/smuggler (GitHub)	Python script for batch generating/sending smuggling probes
dhmosfunk/simple-http-smuggler-generator (GitHub)	Quickly assemble raw message templates such as CL.TE / TE.CL

Usage suggestions: First passively confirm the existence of front end + origin site double hops; then select the least destructive probe; reduce concurrency for production environments.

8. DETECTION DECISION TREE

                        Start: reverse proxy / CDN in path?
                                    |
                    NO -------------+------------- YES
                    |                               |
            Low classic smuggling                    |
            (still test H2 desync)                   v
                                            Can you send TE + CL together?
                                                    |
                              NO -------------------+------------------- YES
                              |                                         |
                      Test H2-only issues                    Front prefers which?
                      (pseudo-header, reset)                            |
                                        +-------------------------------+-------------------------------+
                                        |                               |                               |
                                   CL wins                          TE wins                         errors /
                                        |                               |                          connection
                                        v                               v                               |
                                   CL.TE probes                    TE.CL probes                    TE.TE obfuscation
                                   (Sec 0,2)                       (Sec 0,3)                       (Sec 4)
                                        |                               |                               |
                                        v                               v                               v
                              Time / content /                    Adjust chunk                     Pairwise matrix:
                              queue poisoning                     sizes + CL                      which hop accepts
                              signals?                            alignment                       which variant?
                                        |                               |                               |
                                        +-------------------------------+-------------------------------+
                                                                        |
                                                                        v
                                                              Confirm with second request
                                                              smuggled (replay-safe)
                                                              or Collaborator-style side signal

12. RELATED ROUTING

Input enters interpreter/query language/template (unrelated to HTTP framing) → Injection Testing Router (drill down to XSS, SQLi, SSTI, etc.).
Response header splitting, Location CRLF → CRLF Injection.
Cache and path key confusion → Web Cache Deception.

When it is confirmed that it is a HTTP message boundary problem rather than parameter injection, you should stay in this skill to avoid misrouting to the general injection process.

request-smuggling

NPX Install

Tags

SKILL.md Content (Chinese)

SKILL: HTTP Request Smuggling — Expert Attack Playbook

0. QUICK START

CL.TE first probe (front end respects Content-Length, back end respects chunked encoding)

TE.CL first probe (front end respects chunked encoding, back end respects Content-Length)

Safety note

1. CORE CONCEPT

2. CL.TE VULNERABILITIES

3. TE.CL VULNERABILITIES

4. TE.TE VULNERABILITIES

5. HTTP/2 REQUEST SMUGGLING

H2 → H1 Downgrade

Pseudo-header / Header Injection Smuggling (Concept Payload)

6. CLIENT-SIDE DESYNC

7. TOOLS

8. DETECTION DECISION TREE

12. RELATED ROUTING