git clone https://github.com/anshumanpattnaik/http-request-smuggling.gitcd http-request-smugglingpip3 install -r requirements.txt

usage: smuggle.py [-h] [-u URL] [-urls URLS] [-t TIMEOUT] [-m METHOD]                    [-r RETRY]
HTTP Request Smuggling vulnerability detection tool
optional arguments:  -h, --help            show this help message and exit  -u URL, --url URL     set the target url  -urls URLS, --urls URLS                        set list of target urls, i.e (urls.txt)  -t TIMEOUT, --timeout TIMEOUT                        set socket timeout, default - 10  -m METHOD, --method METHOD                        set HTTP Methods, i.e (GET or POST), default - POST  -r RETRY, --retry RETRY                        set the retry count to re-execute the payload, default

python3 smuggle.py -u <URL>

python3 smuggle.py -urls <URLs.txt>

"detection": [  {    "type": "CL.TE",    "payload": "\r\n1\r\nZ\r\nQ\r\n\r\n",    "content_length": 5  },  {    "type": "TE.CL",    "payload": "\r\n0\r\n\r\n\r\nG",    "content_length": 6  }]

推荐阅读

实战|记一次奇妙的文件上传getshell

「 超详细 | 分享 」手把手教你如何进行内网渗透

神兵利器 | siusiu-渗透工具管理套件

一款功能全面的XSS扫描器

实战 | 一次利用哥斯拉马绕过宝塔waf

BurpCrypto: 万能网站密码爆破测试工具

快速筛选真实IP并整理为C段 -- 棱眼

自动探测端口顺便爆破工具t14m4t

渗透工具｜无状态子域名爆破工具（1秒扫160万个子域）