HTTP Request Smuggling Vulnerability Scanner with Request Smuggler

An HTTP Request Smuggling (HRS) vulnerability allows an attacker to smuggle an ambiguous HTTP request, hidden as a second request inside a single HTTP request, to bypass a website's security controls, gain access to unauthorized sensitive data and perform malicious activities.


Request Smuggler is a great tool based on the amazing research by Fix. The tool helps find servers that may be vulnerable to request smuggling.
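As an added example (not code from this page or from the request_smuggler project), here is the defender-side counterpart to what the scanner probes: a front-end framing check in Python that rejects requests whose body length is ambiguous, which is the CL.TE/TE.CL condition behind the attack types listed in the usage below. The header regex and the sample request heads are constructed for this example.

```python
import re

# Header field line per RFC 7230: token ":" OWS value OWS (constructed regex, not from the page)
HEADER_RE = re.compile(rb"^([!#$%&'*+.^_`|~0-9A-Za-z-]+):[ \t]*(.*?)[ \t]*$")

# Constructed sample request heads: one clean, then the ambiguous shapes a scanner probes for
SAMPLES = {
    "clean": b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello",
    "cl_te": b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "obfuscated_te": b"POST / HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: xchunked\r\n\r\n",
    "dual_cl": b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\nContent-Length: 9\r\n\r\n",
}

def parse_head(raw: bytes):
    """Split a raw request head into (request_line, [(lowercased name, value), ...])."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        m = HEADER_RE.match(line)
        # A line that is not a valid field (e.g. a space before the colon) is flagged, not skipped
        headers.append((m.group(1).lower(), m.group(2)) if m else (b"<malformed>", line))
    return lines[0], headers

def framing_findings(raw: bytes):
    """Return the reasons a front end should reject the request; [] means framing is unambiguous."""
    _, headers = parse_head(raw)
    cl = [v for n, v in headers if n == b"content-length"]
    te = [v for n, v in headers if n == b"transfer-encoding"]
    findings = []
    if any(n == b"<malformed>" for n, _ in headers):
        findings.append("malformed header line (possible obfuscated CL/TE)")
    if cl and te:
        findings.append("both Content-Length and Transfer-Encoding present (CL.TE/TE.CL ambiguity)")
    if any(not re.fullmatch(rb"[0-9]+", v) for v in cl):
        findings.append("non-numeric Content-Length")
    if len(set(cl)) > 1:
        findings.append("conflicting Content-Length values")
    for v in te:
        # Only a plain, final 'chunked' coding is safe; variants may be parsed differently by each hop
        codings = [c.strip().lower() for c in v.split(b",")]
        if codings[-1] != b"chunked" or v.lower() != b", ".join(codings):
            findings.append(f"non-canonical Transfer-Encoding: {v!r}")
    return findings

def scan_samples():
    """Run the check over the constructed samples; returns {name: findings}."""
    return {name: framing_findings(raw) for name, raw in SAMPLES.items()}
```

A proxy that enforces these rules (or normalizes to a single framing before forwarding) removes the disagreement between front end and back end that smuggling depends on.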

Table of Contents

  • Installation on Linux
  • Installation on Mac
  • Installation on Windows
  • Usage

Installation on Linux

1. Install it from a release.

2. Install from source code (Rust must be installed):

git clone https://github.com/Sh1Yo/request_smuggler
cd request_smuggler
cargo build --release

3. Using cargo install:

cargo install request_smuggler --version 0.1.0-alpha.2

Installation on Mac

1. From source code (Rust must be installed):

git clone https://github.com/Sh1Yo/request_smuggler
cd request_smuggler
cargo build --release

2. Using cargo install:

cargo install request_smuggler --version 0.1.0-alpha.2

Installation on Windows

You need to install it from a release.

Usage

Have a look at the usage:

USAGE:
    request_smuggler [OPTIONS] --url 

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --amount-of-payloads     low/medium/all [default: low]
    -t, --attack-types 
            [ClTeMethod, ClTePath, ClTeTime, TeClMethod, TeClPath, TeClTime] [default: "ClTeTime" "TeClTime"]

        --file 
            send request from a file
            you need to explicitly pass \r\n at the end of the lines
    -H, --header                            Example: -H 'one:one' 'two:two'
    -X, --method                              [default: POST]
    -u, --url 
    -v, --verbose 
            0 - print detected cases and errors only,
            1 - print first line of server responses
            2 - print requests [default: 0]
        --verify                             how many times verify the vulnerability [default: 2]

That's all. Thanks for reading. 🙂