0x1 Posted September 2, 2019 Share Posted September 2, 2019 (edited) This is the hidden content, please Sign In or Sign Up This is an extension for Burp Suite designed to help you launch This is the hidden content, please Sign In or Sign Up attacks, originally created during This is the hidden content, please Sign In or Sign Up research. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you. Install The easiest way to install this is in Burp Suite, via Extender -> BApp Store. If you prefer to load the jar manually, in Burp Suite (community or pro), use Extender -> Extensions -> Add to load build/libs/http-request-smuggler-all.jar Compile This is the hidden content, please Sign In or Sign Up is a dependency of this project, add it to the root of this source tree as turbo-intruder-all.jar Build with gradle fatJar Use Right click on a request and click 'Launch Desync probe', then watch the extension's output pane under Extender->Extensions->HTTP Request Smuggler If you're using Burp Pro, any findings will also be reported as scan issues. For more advanced use watch the This is the hidden content, please Sign In or Sign Up Practice We've released This is the hidden content, please Sign In or Sign Up Source & Download This is the hidden content, please Sign In or Sign Up Edited September 2, 2019 by 0x1 Link to comment Share on other sites More sharing options...
Recommended Posts