Smuggler – HTTP Request Smuggling / Desync Testing Tool

Smuggler is a free and open-source tool available on GitHub. It is used to test a domain for HTTP request smuggling (desync) vulnerabilities. HTTP request smuggling becomes possible when a front-end server (such as a proxy or load balancer) and the back-end server behind it disagree about where one HTTP request ends and the next begins. Attackers can exploit this vulnerability to gain unauthorized access to important data and to compromise other web applications associated with the website. Smuggler checks the domain for the TECL and CLTE variants, named after which of the Transfer-Encoding and Content-Length headers the front-end and the back-end each honor. The attack relies on requests whose Content-Length and Transfer-Encoding headers conflict.

Security Consent

You must have permission before scanning any target or domain, so obtain proper authorization from the owner first. The smuggler tool sends multiple payloads to scan a website and detect the vulnerability, and this may harm the backend of the website. If a payload harms the backend, the backend socket might get poisoned: the website will not work properly and will not load in the browser. For this reason, take the permission of the website owner before scanning.

Installation

Step 1: Open your Kali Linux operating system and use the first command below to download the tool. Use the second command to move into the tool's directory.

git clone https://github.com/defparam/smuggler.git
cd smuggler

Step 2: Now use the following command to run the tool.

python3 smuggler.py -h

The tool is running successfully. Now we will look at examples of how to use it.

Usage

Example 1: Use the smuggler tool to find TECL and CLTE for HTTP smuggling attacks. (SCAN ONE URL)

python3 smuggler.py -u <url>

The tool found TECL and CLTE, which can be used to perform HTTP smuggling.

Example 2: Use the smuggler tool to find TECL and CLTE for HTTP smuggling attacks.

python3 smuggler.py -u <url>

The tool found TECL and CLTE which can be used to perform HTTP smuggling.


Last Updated : 28 Nov, 2021