A tool for detecting http request smuggling vulnerabilities.

poseidontor/go-smuggler


HTTP Request Smuggling Detector

HTTP request smuggling (HRS) is a high-severity vulnerability in which an attacker smuggles an ambiguous HTTP request to bypass security controls and gain unauthorized access to perform malicious activities. The vulnerability was discovered in 2005 by Watchfire and rediscovered in August 2019 by James Kettle (albinowax), who presented it at DEF CON 27 and Black Hat USA. To learn more about it, refer to his well-documented research blog posts on the PortSwigger website. This tool detects HRS vulnerabilities on a given host; detection is based on the time-delay technique, applied with the given permutations.

Vulnerabilities Covered:

  • CL.TE vulnerabilities
  • TE.CL vulnerabilities
  • TE.TE vulnerabilities
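
A defensive counterpart to the list above, added here as an example and not taken from go-smuggler's code: a Go function that flags the request-header combinations under which a front-end and a back-end can disagree on body length, which is the precondition for the CL.TE, TE.CL and TE.TE cases. The function name, the issue labels and the sample requests are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// FramingIssues inspects the header section of a raw HTTP/1.1 request and
// returns the reasons two servers could disagree on where its body ends.
func FramingIssues(rawHead string) []string {
	var cl, te []string
	padded := false
	sc := bufio.NewScanner(strings.NewReader(rawHead))
	sc.Scan() // skip the request line
	for sc.Scan() {
		line := sc.Text()
		if line == "" {
			break // end of headers: never read header names out of the body
		}
		name, value, ok := strings.Cut(line, ":")
		if !ok {
			continue
		}
		switch strings.ToLower(strings.TrimSpace(name)) {
		case "content-length":
			cl = append(cl, strings.TrimSpace(value))
		case "transfer-encoding":
			te = append(te, strings.ToLower(strings.TrimSpace(value)))
		default:
			continue
		}
		// Whitespace around a framing header name: some parsers honour it, others ignore the header.
		padded = padded || name != strings.TrimSpace(name)
	}
	var issues []string
	if len(cl) > 0 && len(te) > 0 {
		issues = append(issues, "CL+TE") // precondition for CL.TE and TE.CL
	}
	if len(te) > 1 || (len(te) == 1 && te[0] != "chunked") {
		issues = append(issues, fmt.Sprintf("TE-NONSTANDARD %q", te)) // precondition for TE.TE
	}
	if padded {
		issues = append(issues, "PADDED-NAME")
	}
	return issues
}

func main() {
	// Constructed sample request head, not captured traffic.
	fmt.Println(FramingIssues("POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"))
}
```

A front-end that rejects or normalizes any request for which this returns a non-empty list removes the ambiguity before the request reaches the back-end.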

Security Consent

It is important to understand the legal implications before scanning any target. You should have proper authorization before scanning; otherwise, I suggest you do not use this tool against an unauthorized target. To detect the vulnerability, the tool sends multiple payloads multiple times, so if something goes wrong the back-end socket might get poisoned with those payloads, and genuine visitors of that website might end up seeing the poisoned payload rather than the actual content of the website. I highly suggest taking proper precautions before scanning any target website; otherwise you will face legal issues.

Installation

git clone https://github.com/poseidontor/go-smuggler
cd go-smuggler
go run cmd/go-smuggler/main.go

Options

usage: main.go [-u URL] [-f FILE CONTAINING MULTIPLE URLS] [-t TIMEOUT] 

HTTP Request Smuggling vulnerability detector

optional arguments:
  -u URL    set the target url
  -f FILE    provide path to file containing multiple URLS
  -t SEC    set timeout
