
Lab: HTTP request smuggling, obfuscating the TE header

This lab involves a front-end and back-end server, and the two servers handle duplicate HTTP request headers in different ways. The front-end server rejects requests that aren't using the GET or POST method.

To solve the lab, smuggle a request to the back-end server, so that the next request processed by the back-end server appears to use the method GPOST.
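Seen from the defending side, the disagreement between the two servers only matters if a request with ambiguous body framing is forwarded at all. The Python check below is an added example, not part of the lab or of PortSwigger's material; the function names, the sample requests and the deliberately strict policy (exactly one `Transfer-Encoding: chunked`, no padded header names, never both length headers) are assumptions chosen for illustration.

```python
# Added example, not lab or PortSwigger code. Sample requests are constructed.

def parse_headers(raw: bytes):
    """Split a raw request head into [(raw_name, raw_value), ...]."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = []
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        if not line:
            continue
        if line[:1] in (b" ", b"\t"):         # obs-fold continuation line
            headers.append((b"", line))
            continue
        name, _, value = line.partition(b":")
        headers.append((name, value))         # name kept raw so padding stays visible
    return headers


def framing_findings(raw: bytes):
    """Return reasons the body framing is ambiguous; [] means acceptable."""
    findings, te_values, cl_values = [], [], []
    for name, value in parse_headers(raw):
        if name == b"":
            findings.append("folded header line")
            continue
        if any(c <= 0x20 or c == 0x7F for c in name):
            findings.append("whitespace or control byte in header name")
        canon = name.strip().lower()
        if canon == b"transfer-encoding":
            te_values.append(value.strip(b" \t").lower())
        elif canon == b"content-length":
            cl_values.append(value.strip(b" \t"))
    if len(te_values) > 1:
        findings.append("duplicate Transfer-Encoding")
    if any(v != b"chunked" for v in te_values):
        findings.append("Transfer-Encoding is not exactly 'chunked'")
    if te_values and cl_values:
        findings.append("both Content-Length and Transfer-Encoding")
    if len(set(cl_values)) > 1:
        findings.append("conflicting Content-Length values")
    return findings


# Constructed samples (hypothetical host name).
CLEAN = b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nx=1"
DUPLICATE_TE = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
                b"Transfer-Encoding: chunked\r\nTransfer-Encoding: identity\r\n\r\n")
PADDED_NAME = b"POST / HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding : chunked\r\n\r\n"
```

A front end applying this policy would answer any request with a non-empty findings list with a 400 and close the connection instead of forwarding it.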
