Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Portswigger Lab] Bug instance not recognized #15

Open
ghost opened this issue Jul 12, 2020 · 1 comment
Open

[Portswigger Lab] Bug instance not recognized #15

ghost opened this issue Jul 12, 2020 · 1 comment

Comments

@ghost
Copy link

ghost commented Jul 12, 2020

Hi,
thanks for the great tool!

I was playing with this Portswigger lab https://portswigger.net/web-security/request-smuggling/lab-ofuscating-te-header and I saw that this tool is not able to identify that as vulnerable, while Burp HTTP Request Smuggling extension is successful.

Is it something related to how Portswigger lab emulates RS or there could be ways to actually improving this tool?

Thanks again!
@shelld3v
Copy link

WOAH, it's unbelievable! The fact is so unacceptable 🤣 But of course, there is maybe another fact that you may have used Smuggler the wrong way, need confirmation from @defparam, did you get the same result when testing with Portswigger lab?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shelld3v