What is HTTP request smuggling?
HTTP request smuggling is a technique for interfering with the way a web site processes sequences of HTTP requests that are received from one or more users. Request smuggling vulnerabilities are often critical in nature, allowing an attacker to bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.
Here are the commands for scanning all subdomains with smuggler.
First, enumerate the subdomains of a target such as paypal.com and save them to a text file. Here we use the findomain tool for subdomain enumeration:
findomain -o -t paypal.com
You can also use any other tool, such as subfinder.
The scan is now complete and we have a file, paypal.com.txt.
We don't need to scan every single subdomain by hand; we can automate this process. How?
First we need to install the smuggler tool from https://github.com/defparam/smuggler
The commands are very simple:
git clone https://github.com/defparam/smuggler.git
cd smuggler
./smuggler.py -u example.com
Now see how we can scan all the subdomains with a single command:
cat paypal.com.txt | python3 smuggler.py
Thanks