Search the Community

This is an extension for Burp Suite designed to help you launch [Hidden Content] attacks, originally created during [Hidden Content] research. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you. Install The easiest way to install this is in Burp Suite, via Extender -> BApp Store. If you prefer to load the jar manually, in Burp Suite (community or pro), use Extender -> Extensions -> Add to load build/libs/http-request-smuggler-all.jar Compile [Hidden Content] is a dependency of this project, add it to the root of this source tree as turbo-intruder-all.jar Build with gradle fatJar Use Right click on a request and click 'Launch Desync probe', then watch the extension's output pane under Extender->Extensions->HTTP Request Smuggler If you're using Burp Pro, any findings will also be reported as scan issues. For more advanced use watch the [Hidden Content] Practice We've released [Hidden Content] Source & Download [hide][Hidden Content]]