Based on the amazing research by James Kettle. The tool helps find servers that may be vulnerable to request smuggling.
USAGE:
    request_smuggler [FLAGS] [OPTIONS] --url <url>

FLAGS:
        --full       Tries to detect the vulnerability using differential responses as well.
                     Can disrupt other users!!!
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --amount-of-payloads <amount-of-payloads>    low/medium/all (default is "low")
    -H, --header <headers>                           Example: -H 'one:one' 'two:two'
    -X, --method <method>                            (default is "POST")
    -u, --url <url>
    -v, --verbose <verbose>
            0 - print detected cases and errors only, 1 - print first line of server responses (default is 0)
- Linux
  - from releases
  - from source code (rust should be installed)

        git clone https://github.com/Sh1Yo/request_smuggler
        cd request_smuggler
        cargo build --release

  - using cargo install

        cargo install request_smuggler --version 0.1.0-alpha.1

- Mac
  - from source code (rust should be installed)

        git clone https://github.com/Sh1Yo/request_smuggler
        cd request_smuggler
        cargo build --release

  - using cargo install

        cargo install request_smuggler --version 0.1.0-alpha.1

- Windows
  - from releases