
Deep Dive into HTTP Request Smuggling Attacks
Article Brief
Why this article matters
When a reverse proxy and a backend server disagree on where one HTTP request ends and the next begins, an attacker can poison another user's request, bypass WAFs, and steal sessions. This post walks through every variant—CL.TE, TE.TE, TE.CL, and even the Gunicorn Sec-Websocket-Key1 bug—with real HTB lab exploits, payload breakdowns, and Burp Repeater workflows. You'll learn to identify, exploit, and defend against request smuggling at the protocol level.

