What is HTTP request smuggling?
HTTP request smuggling is a technique for interfering with the way a web site processes sequences of HTTP requests that are received from one or more users. Request smuggling vulnerabilities are often critical in nature, allowing an attacker to bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.
How we can scan all subdomain with smuggler here is the commands
Let’s first scan subdomain of any target like paypal.com and save it in txt here we use findomain tool for subdomain
findomain -o -t paypal.com or you can use any tool like subfinder etc…
So our scanning has been complete and we got a file paypal.com.txt
Now we don’t need to scan every single subdomain we can automate this process HOW?
So let’s see we need to install a smuggler tool from https://github.com/defparam/smuggler
Command is very simple :
git clone https://github.com/defparam/smuggler.git
./smuggler.py -u example.com
And Now See how we can all subdomain in one single command
cat paypal.com.txt | python3 smuggler.py
This Post Has 2 Comments