Checks
smugglex supports 6 types of HTTP Request Smuggling checks. Each exploits differences in how front-end and back-end servers parse HTTP requests.
| Check | Description |
|---|---|
| CL.TE | Content-Length vs Transfer-Encoding |
| TE.CL | Transfer-Encoding vs Content-Length |
| TE.TE | Transfer-Encoding obfuscation (40+ variants) |
| H2C | HTTP/2 Cleartext smuggling |
| H2 | HTTP/2 protocol smuggling |
| CL-Edge | Content-Length edge cases |
Run Specific Checks
smugglex -c cl-te,te-cl https://target.com
Detection Method
smugglex uses timing-based detection. It measures baseline response times, then sends smuggling payloads and compares. A significant delay (3x baseline or 1s+ minimum) indicates desynchronization.
In This Section
smugglex - HTTP Request Smuggling Scanner
