The ultimate Bug Bounty guide to HTTP request smuggling vulnerabilities
Sometimes the web breaks in ways that developers and security teams cannot see.
One such failure mode is HTTP request smuggling, which offers security researchers large attack surfaces and high-impact vulnerabilities that automated scans often miss.
When a carefully crafted HTTP request confuses a frontend and backend, the backend can become desynchronised, resulting in subsequent users’ requests being processed in the context of another user’s request.
These HTTP request smuggling attacks can lead to cache poisoning (CPDoS), ACL bypasses and session hijacks, especially on stacks still ‘speaking’ the language of HTTP/1.1 or on edges that mishandle HTTP/2 → HTTP/1 downgrades.
This guide shows you practical HTTP request smuggling techniques – including CL.TE, TE.CL, TE.TE and H2 variants – supported by in-depth explanations and examples.
You can find the full article on YesWeHack’s blog page.
