Description
Smuggler is a tool for detecting HTTP request smuggling vulnerabilities (CL.TE, TE.CL, TE.TE desync attacks). Request smuggling can lead to cache poisoning, credential hijacking, and unauthorized access.
Installation
```bash
git clone https://github.com/defparam/smuggler.git
cd smuggler
# No pip dependencies to install; print the help to confirm the script runs
python3 smuggler.py -h
```
Basic Usage
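```bash
# Test a single URL
python3 smuggler.py -u https://target.com
# Test a list of URLs (the list is read from stdin; -l names a log file, not a URL list)
cat urls.txt | python3 smuggler.py
# Verbose output: there is no verbose flag (-v sets a virtual host); -l writes the results to a log file
python3 smuggler.py -u https://target.com -l smuggler.log
```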
Advanced Usage
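```bash
# Custom socket timeout in seconds (default: 5)
python3 smuggler.py -u https://target.com -t 10
# Specific HTTP method (default: POST)
python3 smuggler.py -u https://target.com -m POST
# Custom headers: there is no -H option; request headers come from the payload config file selected with -c
python3 smuggler.py -u https://target.com -c default.py
# Threads: there is no --threads option; URLs piped on stdin are scanned one at a time
cat urls.txt | python3 smuggler.py
```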
Common Workflows
```bash
# Scan all subdomains for request smuggling (Smuggler reads the URL list from stdin)
subfinder -d target.com -silent | httpx -silent | python3 smuggler.py
# Test behind CDNs / load balancers
# Request smuggling is most impactful behind:
# - AWS ALB/CloudFront
# - Akamai
# - Cloudflare (rare but possible)
# - HAProxy + Apache/Nginx combinations
```
Attack Types Tested
- CL.TE — Content-Length processed by front-end, Transfer-Encoding by back-end
- TE.CL — Transfer-Encoding processed by front-end, Content-Length by back-end
- TE.TE — Front-end and back-end both support Transfer-Encoding, but an obfuscated header makes one of them ignore it
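
The three cases above all depend on a request whose framing headers two servers can read differently, so the defensive counterpart is a front-end that rejects such requests. The following is an added example, not part of Smuggler or of the original page: a strict framing check over raw request heads. The function name, the finding strings, the sample requests and the policy of accepting only a single `chunked` Transfer-Encoding are assumptions made for illustration.

```python
import re

# Header names must be RFC 9110 tokens; a space, tab or control byte in the
# name is how an obfuscated Transfer-Encoding is hidden from one parser.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
FRAMING = re.compile(rb"(?i)transfer.?encoding|content.?length")

BOTH = "Content-Length and Transfer-Encoding both present (CL.TE / TE.CL)"
BAD_NAME = "malformed framing header name (TE.TE obfuscation)"
BAD_CL = "conflicting or non-numeric Content-Length"
BAD_TE = "repeated or non-'chunked' Transfer-Encoding (TE.TE obfuscation)"
BAD_LINE = "line folding or bare CR/LF inside a header line"

def framing_findings(head: bytes) -> list[str]:
    """Return the reasons a strict front-end should reject this request head."""
    findings, cl, te = [], [], []
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]  # skip request line
    for line in lines:
        if line[:1] in (b" ", b"\t") or b"\n" in line or b"\r" in line:
            findings.append(BAD_LINE)
            continue
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.match(name):
            # Invalid name: report it only if it resembles a framing header.
            if FRAMING.search(line):
                findings.append(BAD_NAME)
            continue
        if name.lower() == b"content-length":
            cl.append(value.strip(b" \t"))
        elif name.lower() == b"transfer-encoding":
            te.append(value.strip(b" \t").lower())
    if cl and te:
        findings.append(BOTH)
    if len(set(cl)) > 1 or any(not v.isdigit() for v in cl):
        findings.append(BAD_CL)
    if len(te) > 1 or any(v != b"chunked" for v in te):
        findings.append(BAD_TE)
    return findings

# Constructed request heads (not captured traffic); example.test is a placeholder.
HEAD = b"POST / HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "clean": HEAD + b"Content-Length: 5\r\n\r\nhello",
    "cl_and_te": HEAD + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
    "te_space": HEAD + b"Transfer-Encoding : chunked\r\n\r\n",
    "te_repeat": HEAD + b"Transfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} -> {framing_findings(raw) or 'accept'}")
```

A request that yields any finding should be answered with 400 and the connection closed, instead of being normalized and forwarded to the back-end.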