hunt-http-smuggling
Hunt HTTP request smuggling (CL.TE, TE.CL, H2.CL, H2.TE). Cause: front-end proxy and back-end server disagree on where one request ends and the next begins (Content-Length vs Transfer-Encoding header parsing inconsistency). CL.TE: front-end uses CL, back uses TE → smuggle by sending TE: chunked but with body that fits CL count. TE.CL: opposite. H2.CL: HTTP/2 downgrade, smuggle CL into HTTP/1.1 back-end. Detection tools: Burp HTTP Request Smuggler extension, smuggler.py, h2csmuggler. Confirm: time-delay technique (smuggled GET with 30s timeout) — if front-end returns slow on next victim request, smuggling works. Validate: cache poisoning chain (smuggle request that gets cached for victim), credential theft (smuggle X-Forwarded-For override that captures next user's cookies), bypass auth (smuggled internal-path request). Real paid examples from major CDN deployments. Use when hunting H1 paid programs running CDN+origin stacks, when targeting load balancer / WAF bypass.
适合你,如果做Web安全测试,需要发现请求走私漏洞。
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
~/.claude/skills/(项目级 .claude/skills/)~/.codex/skills/npx oh-my-skill add elementalsouls/claude-bughunter/hunt-http-smugglingcurl -fsSL https://oh-my-skill.com/install.sh | bash -s -- elementalsouls/claude-bughunter/hunt-http-smugglingnpx oh-my-skill verify elementalsouls/claude-bughunter/hunt-http-smuggling怎么用
商店整理自技能原文 · 版本 05098fc · 表述以原文为准装上后,Claude 会帮你检测 HTTP 请求走私漏洞(CL.TE、TE.CL、H2.CL、H2.TE 四种类型),并指导你利用时间延迟、缓存投毒、凭证窃取等方式验证漏洞。
当你在 HackerOne 等平台寻找有报酬的漏洞,且目标网站使用 CDN+源站架构,或你想绕过负载均衡器/WAF 时触发。
技能原文 SKILL.md
17. HTTP REQUEST SMUGGLING
Lowest dup rate. $5K–$30K. PortSwigger research by James Kettle.
CL.TE (Content-Length front, Transfer-Encoding back)
POST / HTTP/1.1 Content-Length: 13 Transfer-Encoding: chunked 0 SMUGGLED
Detection
1. Burp extension: HTTP Request Smuggler 2. Right-click request → Extensions → HTTP Request Smuggler → Smuggle probe 3. Manual timing: CL.TE probe + ~10s delay = backend waiting for rest of body
Impact Chain
Poison next request → access admin as victim Steal credentials → capture victim's session Cache poisoning → stored XSS at scale
Target-Suitability Matrix (2026 reality check)
The classic CL.TE / TE.CL payloads are NOT universally exploitable in 2026. Modern proxies are RFC 9112 strict by default. Fingerprint the front-end BEFORE investing time.
| Front-end | CL.TE | TE.CL | H2.CL | H2.TE | Notes | |---|---|---|---|---|---| | Nginx ≥ 1.21 | NO | NO | partial (H2 ingress) | partial | RFC-strict; rejects CL+TE with HTTP 400. Verified locally on Nginx 1.27 — all 9 documented variants killed by front-end ([docs/verification/phase2h-smuggling-cachepoison.md](../../docs/verification/phase2h-smuggling-cachepoison.md)). | | Caddy 2.x | NO | NO | — | — | Hardened by default | | Envoy ≥ 1.20 | NO | NO | partial | partial | Hardened in most paths | | HAProxy ≤ 2.4 | ✓ | ✓ | — | — | Vulnerable, see CVE-2021-40346 | | AWS ALB + specific upstream | partial | partial | ✓ | ✓ | Several disclosed-paid reports 2022-2024 | | Cloudflare → S3 / Lambda chains | — | — | ✓ | ✓ | H2-downgrade attacks remain viable | | Older F5 BIG-IP (TMM < 16) | ✓ | — | — | — | Vendor advisories | | Citrix ADC / NetScaler (older firmware) | ✓ | ✓ | — | — | Disclosed in 2020-2022 | | Squid 3.x | ✓ | — | — | — | Older deployments | | Apache Traffic Server (older) | ✓ | ✓ | ✓ | ✓ | PortSwigger research | | Custom Python / Go proxies | ✓ | ✓ | — | — | Frequently miss RFC enforcement |
Operator fingerprint quick-check
curl -sI https://target/ | grep -i "Server:"
nginx/1.21+,Caddy,envoy→ CL/TE classic is dead — pivot to H2.CL/H2.TE if the front-end speaks HTTP/2, or look for legacy proxies upstreamHAProxy, header points to AWS/CDN → run the full payload matrix- No Server header → assume hardened, but run a single quick
space-before-colonprobe; if it doesn't 400, dig deeper
H2.CL / H2.TE (the modern dominant vector)
H2-downgrade smuggling attacks rely on the front-end speaking HTTP/2 to the client and HTTP/1.1 to origin. The downgrade introduces CL/TE confusion because HTTP/2's frame-length headers don't survive the conversion cleanly. Most CDN+origin chains in 2024-2026 use this exact topology.
Tools that send HTTP/2 raw frames (Burp Pro's HTTP Request Smuggler extension, h2csmuggler, smuggler.py) are the right starting point against CDN-fronted targets. Avoid HTTP/1.1-only test clients (curl, raw sockets) against H2-front-ended targets — you'll send the wrong protocol entirely.
Related Skills & Chains
hunt-cache-poison— Smuggling + cache is the canonical critical chain; one smuggled request becomes the cached response for every subsequent victim. Chain primitive: CL.TE smuggle a request whose response body contains attacker HTML/JS → front-end cache stores it under a popular URL (/,/login) → de-sync poisoning where the smuggled request becomes the cached response for the next N victims, persisting for the cache TTL.hunt-auth-bypass— Smuggling reaches internal-only routes that the front-end WAF/auth-proxy filters out. Chain primitive: smuggleGET /admin/users HTTP/1.1past the front-end ACL that blocks external/admin/*→ backend processes the smuggled request as if from a trusted internal source → bypass front-end auth by smuggling internal-routed request → admin data in the response queue.hunt-idor— Smuggling attaches the NEXT user's session cookies to an attacker-controlled request path. Chain primitive: smuggleGET /api/me HTTP/1.1with no cookies → backend pairs it with the next legitimate user's incoming connection cookies → victim's session cookie attached to attacker's smuggled request → attacker reads the response containing victim's PII/tokens.hunt-xss— Smuggling injects XSS payloads into the response stream of the next victim without ever appearing in a URL parameter. Chain primitive: smuggled request body contains reflected payload that the backend renders into the next response in the queue → next visitor to/receives attacker HTML inline → reflected XSS at every visitor without any URL parameter visible to them or to logs.security-arsenal— Reach for the smuggling payload bank (CL.TE / TE.CL / TE.TE obfuscations, H2.CL downgrade probes, h2csmuggler one-liners, Burp HTTP Request Smuggler extension config) and the time-delay confirmation template before manual hex-editing.triage-validation— Run the Pre-Severity Gate before claiming Critical: the smuggled-request effect MUST land on a request issued by a different client/session, not your own follow-up. A timing delta in your own browser alone is parser disagreement, not exploitable smuggling.