Hey everyone! Check out this playlist for all my solutions to the HTTP Request Smuggling labs from PortSwigger - 👀 ruclips.net/p/PLGb2cDlBWRUX1_7RAIjRkZDYgAB3VbUSw Here are the timestamps for this video - ⏱ 00:00 - Intro 00:32 - Detect the CL.TE vulnerability 02:08 - Confirm the CL.TE vulnerability 04:11 - POST'ing a comment 05:21 - CSRF token and the Session Cookie 05:50 - Move the 'comment' request body parameter 06:24 - How to calculate the initial Content-Length 07:34 - Differential Response Methodology 08:32 - Avoid errors by adding safe padding to the Normal Request 10:21 - Start with our estimated Content-Length 11:19 - Increase the Content-Length to 900 12:09 - Increase the Content-Length to 950 and solve the lab
Dude. You're so good I watched this video for 5 minutes and liked and subbed. I completed the video and I was not disappointed. You have a talent for this. Please make more I will learn so much from you. Thanks man!
I've been waiting for such clear explaination for a long time. Thank you mate. Would be awesome if you keep making similar videos for another advanced attacks like prototype pollution or dom-xss.
thank you @scsf1, that's very nice to hear! Indeed once I've finished up the request smuggling labs I was thinking about doing the prototype pollution labs next. Might sprinkle in some of the new GraphQL labs along the way as I'm excited about those too ☺️
Hey everyone! Check out this playlist for all my solutions to the HTTP Request Smuggling labs from PortSwigger - 👀
ruclips.net/p/PLGb2cDlBWRUX1_7RAIjRkZDYgAB3VbUSw
Here are the timestamps for this video - ⏱
00:00 - Intro
00:32 - Detect the CL.TE vulnerability
02:08 - Confirm the CL.TE vulnerability
04:11 - POST'ing a comment
05:21 - CSRF token and the Session Cookie
05:50 - Move the 'comment' request body parameter
06:24 - How to calculate the initial Content-Length
07:34 - Differential Response Methodology
08:32 - Avoid errors by adding safe padding to the Normal Request
10:21 - Start with our estimated Content-Length
11:19 - Increase the Content-Length to 900
12:09 - Increase the Content-Length to 950 and solve the lab
Dude. You're so good I watched this video for 5 minutes and liked and subbed. I completed the video and I was not disappointed. You have a talent for this. Please make more I will learn so much from you. Thanks man!
Thanks @collabcomm9007, that's really nice to hear! Cheers for subbing, more videos on the way! ☺️
I've been waiting for such clear explaination for a long time. Thank you mate.
Would be awesome if you keep making similar videos for another advanced attacks like prototype pollution or dom-xss.
thank you @scsf1, that's very nice to hear! Indeed once I've finished up the request smuggling labs I was thinking about doing the prototype pollution labs next. Might sprinkle in some of the new GraphQL labs along the way as I'm excited about those too ☺️
These videos are perfect
An alternative way I did was: normal request -> normal request -> attack request -> refresh the blog page to see Victim's comment
These video awesome 👍👍✨✨
Excellent!
thank you @panchakosha!
awesome
keep going
thank you @abdelrhmanmohamed8561! ☺️
Great Keep it Up
thank you @nulled00! ☺️