GitHub
ESC

TE.TE

Both servers support Transfer-Encoding: chunked, but one can be tricked into ignoring it through header obfuscation. smugglex tests 40+ variations.

Obfuscation Examples

Transfer-Encoding: chunked
Transfer-Encoding : chunked
Transfer-Encoding: xchunked
Transfer-Encoding: chunked\x00
Transfer-encoding: chunked

Additional techniques include whitespace injection, control characters, line wrapping, quote variations, header name casing, and duplicate headers.

Run

smugglex -c te-te https://target.com

Combine with --fuzz for even more variations:

smugglex -c te-te --fuzz https://target.com

smugglex - HTTP Request Smuggling Scanner

hahwul.com