What is HTTP Request Smuggling?
HTTP request smuggling is a web security vulnerability in which an attacker inserts an extra, malicious HTTP request into the normal HTTP traffic stream between two systems. It becomes possible when those systems, typically a front-end proxy and a back-end server, disagree about where one request ends and the next begins. The malicious request can then be used to manipulate the behavior of the receiving system, leading to security issues such as Cross-Site Scripting (XSS) and data theft.
Example:
Request:
POST / HTTP/1.1
Host: example.com
Content-Length: 32
Content-Type: application/x-www-form-urlencoded

username=admin&password=password

Response:
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 45

{"success":true,"message":"Login successful"}
In the above example, an attacker could add an extra request after the body of the first, separating the two requests with a blank line. This would look like the following:
Request:
POST / HTTP/1.1
Host: example.com
Content-Length: 32
Content-Type: application/x-www-form-urlencoded

username=admin&password=password

GET /malicious-site.com HTTP/1.1
Host: malicious-site.com

Response:
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 45

{"success":true,"message":"Login successful"}
The malicious request can then be used to gain access to the target system or to inject malicious code into it. In this example, it could also be used to redirect the user to a malicious website. Either outcome can lead to serious security issues such as data theft, XSS attacks, and the execution of malicious code on the target system.
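As an added example (not part of the original article), the Python sketch below splits one connection's bytes into requests the way a Content-Length based parser would, and lists framing conditions a front end can reject outright. The function names and the sample bytes are assumptions, constructed from the request shown above.

```python
import re

REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")

def parse_head(head: bytes):
    """Return (request_line, [(lowercased name, value), ...]) from a raw header block."""
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def framing_problems(headers):
    """List reasons a front end should reject the request as ambiguously framed."""
    cl = [v for n, v in headers if n == b"content-length"]
    te = [v for n, v in headers if n == b"transfer-encoding"]
    problems = []
    if cl and te:
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        problems.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in cl):
        problems.append("non-numeric Content-Length")
    return problems

def split_requests(stream: bytes):
    """Split one connection's bytes into requests as a Content-Length parser sees them."""
    seen = []
    while stream.strip(b"\r\n"):
        stream = stream.lstrip(b"\r\n")  # blank lines before a request line are skipped
        head, sep, rest = stream.partition(b"\r\n\r\n")
        request_line, headers = parse_head(head)
        problems = framing_problems(headers)
        if not sep or not REQUEST_LINE.match(request_line):
            problems.append("bytes after previous body are not a valid request")
            seen.append((request_line, problems))
            break
        lengths = [int(v) for n, v in headers if n == b"content-length" and v.isdigit()]
        body_len = lengths[0] if lengths else 0
        seen.append((request_line, problems))
        stream = rest[body_len:]  # whatever follows the declared body is the next request
    return seen

# Constructed sample: the article's second request as it would appear on the wire.
BODY = b"username=admin&password=password"
SAMPLE = (b"POST / HTTP/1.1\r\nHost: example.com\r\n"
          b"Content-Length: %d\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n" % len(BODY)
          + BODY + b"\r\n\r\nGET /malicious-site.com HTTP/1.1\r\nHost: malicious-site.com\r\n\r\n")
```

Calling `split_requests(SAMPLE)` shows that the receiver counts two requests on the connection; a front end that forwarded the bytes as a single request would never have inspected the second one.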