HTTP request smuggling is a technique used to find vulnerabilities in bug bounty programs and penetration tests, rediscovered by PortSwigger in 2019. In the video I present and explain two reports from HackerOne that show how a bug hunter hacked Slack and Zomato, earning $6,500 and $5,000 respectively.

Follow me on Twitter:
https://twitter.com/gregxsunday

Original reports:
https://hackerone.com/reports/737140
https://hackerone.com/reports/771666

Reporter:
https://hackerone.com/defparam

Smuggler tool:
https://github.com/defparam/smuggler

RFC:
https://tools.ietf.org/html/rfc2616#section-4.4

Timestamps:
00:00 Intro
00:26 HTTP Request Smuggling
03:25 Slack’s report
06:30 Zomato’s report
