exploiting-http-request-smuggling
by mukul975The exploiting-http-request-smuggling skill helps authorized testers detect and assess HTTP request smuggling from Content-Length and Transfer-Encoding parsing mismatches across proxies, load balancers, and CDNs. It’s built for Security Audit workflows with raw-request probing, architecture fingerprinting, and practical validation steps.
This skill scores 72/100, which means it is listable and likely useful for authorized web-security testing, but directory users should expect moderate adoption friction rather than a plug-and-play experience. The repository provides a real workflow, prerequisites, and a runnable agent script, so it offers more than a generic prompt; however, it still leaves some execution details and install guidance implicit.
- Defines a clear authorized-use trigger for reverse-proxy/CDN and multi-tier web apps, making it easier for an agent to know when to use it.
- Includes concrete workflow and detection methods for CL.TE, TE.CL, and TE-TE style probing, which gives the skill reusable operational value.
- Backed by an API reference and scripts/agent.py, including a CLI example and low-level request functions that support actual execution.
- No install command in SKILL.md, so users must infer setup steps and dependency installation from the script/reference files.
- The content is specialized and high-risk; it is only appropriate for authorized testing and requires architecture knowledge plus external tools like Burp Suite Pro or smuggler.py.
Overview of exploiting-http-request-smuggling skill
What the exploiting-http-request-smuggling skill does
The exploiting-http-request-smuggling skill helps you detect and assess HTTP request smuggling caused by front-end and back-end parsing mismatches around Content-Length and Transfer-Encoding. It is best for authorized testers who need a practical workflow for multi-tier web apps, reverse proxies, load balancers, and CDNs.
Who should install it
Install the exploiting-http-request-smuggling skill if you are doing a Security Audit on an architecture where requests pass through more than one HTTP processor. It is especially useful when you already suspect HTTP desync, need to confirm impact, or want a repeatable way to test cases that ordinary browser-based checks miss.
What makes it different
This skill is more than a generic prompt: it is built around a detection workflow, raw-request probing, and architecture fingerprinting. That makes it better suited to real assessments than a high-level explainer, but it also means it assumes you have authorization, a reachable target, and enough context to test safely.
How to Use exploiting-http-request-smuggling skill
Install and locate the right files
Use the exploiting-http-request-smuggling install flow from your skills manager, then read SKILL.md first. For practical setup context, also inspect references/api-reference.md and scripts/agent.py; those files show the intended probe sequence, CLI shape, and the exact helper functions used by the skill.
Turn a vague goal into a useful prompt
Good inputs for exploiting-http-request-smuggling usage include the target URL, whether the app sits behind a proxy or CDN, what you already know about the stack, and what success looks like. For example: “Assess https://app.example.com for CL.TE and TE.CL smuggling; assume Burp Suite is available; return findings, confidence, and safe next steps.” That is better than “check this site,” because it gives the skill a testing frame.
Follow the workflow that the repo actually supports
Start with architecture fingerprinting, then test the likely parsing mismatch types, then compare timing or desync behavior. The repo’s reference material centers on identify_architecture, test_clte_detection, test_tecl_detection, and test_te_te_detection, so feed the skill evidence that helps it choose the right probe path instead of asking for every attack variant at once.
Use safety and output constraints
This skill is most effective when you tell it what not to do: avoid destructive payloads, avoid noisy repeat tests, and stay within an approved window. If you want the output to be actionable for a Security Audit, ask for a short assessment plan, expected indicators, and a concise reporting format alongside the technical test steps.
exploiting-http-request-smuggling skill FAQ
Is this only for advanced testers?
No, but it is not a beginner-safe “click and go” skill either. The exploiting-http-request-smuggling skill works best if you understand proxies, request headers, and why front-end/back-end disagreement creates risk.
When should I not use it?
Do not use it on systems without explicit authorization, on production environments where collateral impact is unacceptable, or when the target is a single-server app with no intermediary HTTP parsing layer. If there is no proxy chain, the value of exploiting-http-request-smuggling drops quickly.
How is it different from a normal prompt?
A normal prompt may explain request smuggling in general, but this skill is organized around install-time use, test ordering, and helper artifacts. That makes the exploiting-http-request-smuggling guide more useful when you need to move from theory to an assessment workflow.
Does it fit Burp Suite or script-based testing?
Yes. The repo signals both manual and script-assisted testing, so it fits Burp Suite-based workflows and Python-driven checks. If your environment blocks raw socket testing or requires only passive assessment, this is probably the wrong skill to install.
How to Improve exploiting-http-request-smuggling skill
Give better target context
The biggest quality gain comes from describing the HTTP chain: CDN, reverse proxy, WAF, app server, and any known header normalization behavior. For exploiting-http-request-smuggling for Security Audit, include what you already observed in response headers, redirects, or timeout patterns so the skill can focus on the most plausible parser mismatch.
Share the right evidence, not just the URL
If you want stronger output from exploiting-http-request-smuggling, include sample requests, notable response differences, and whether delays appear only on one path or one host. The skill can reason much better from header behavior and timing clues than from a bare domain name.
Iterate after the first result
Use the first pass to narrow the likely smuggling class, then ask for a tighter second pass: “Given these headers and this 5-second delay, refine the test plan for CL.TE only.” That is how exploiting-http-request-smuggling usage becomes more precise and less noisy across repeated audits.
Watch for common failure modes
The usual failure is over-testing without confirming architecture, which creates false positives and wasted time. Another is asking the skill to jump directly to exploitation without asking for detection confidence, safe validation, or reportable evidence; a better exploiting-http-request-smuggling skill prompt asks for those checkpoints explicitly.