Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses
This lab involves a front-end and back-end server, and the back-end server doesn't support chunked encoding.
To solve the lab, smuggle a request to the back-end server, so that a subsequent request for / (the web root) triggers a 404 Not Found response.
In Burp Suite, go to the Repeater menu and ensure that the "Update Content-Length" option is unchecked.
Using Burp Repeater, issue the following request twice:
POST / HTTP/1.1
POST /404 HTTP/1.1
The second request should receive an HTTP 404 response.
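A defensive check for the condition this lab depends on, added here as an example and not part of the original lab text: it models a front end that frames the body by chunked encoding and a back end that frames it by Content-Length, and reports the bytes the back end would leave unread on the connection. The function names, the `example.test` host and both sample requests are constructed for illustration, and the sample body is harmless text.

```python
# Added example (not from the lab): compare how a chunk-aware front end and a
# Content-Length-only back end frame the same request. Samples are constructed.

def split_head(raw: bytes):
    """Return (headers, body); header names lower-cased, values kept as lists."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def chunked_length(body: bytes) -> int:
    """Bytes a chunk-aware parser consumes, through the terminating chunk."""
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)            # ValueError if malformed
        size = int(body[pos:eol].split(b";")[0], 16)
        if size < 0:
            raise ValueError("negative chunk size")
        if size == 0:
            return body.index(b"\r\n\r\n", eol) + 4   # past optional trailers
        pos = eol + 2 + size + 2                  # chunk data plus its CRLF

def framing_check(raw: bytes) -> dict:
    headers, body = split_head(raw)
    te = headers.get(b"transfer-encoding", [])
    cl = headers.get(b"content-length", [])
    report = {"ambiguous": bool(te and cl), "malformed": False,
              "leftover_for_cl_backend": b""}
    if not report["ambiguous"]:
        return report
    try:
        forwarded = body[:chunked_length(body)]   # what the front end passes on
        declared = int(cl[0])
        if declared < 0:
            raise ValueError("negative Content-Length")
        report["leftover_for_cl_backend"] = forwarded[declared:]
    except ValueError:
        report["malformed"] = True                # reject rather than guess
    return report

SAMPLE_AMBIGUOUS = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                    b"Content-Length: 3\r\nTransfer-Encoding: chunked\r\n\r\n"
                    b"b\r\nhello world\r\n0\r\n\r\n")
SAMPLE_CLEAN = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 11\r\n\r\nhello world")
```

A non-empty `leftover_for_cl_backend` is the desynchronisation itself: those bytes stay queued for the back end and are parsed as the start of the next request. A front end that rejects any request flagged `ambiguous` or `malformed` removes the disagreement.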