HTTP request smuggling is a technique used to find vulnerabilities in bug bounty programs and penetration tests, rediscovered by portswigger in 2019. In the video I present and explain two reports from Hackerone that show how a bug hunter hacked Slack and Zomato, earning $6,500 and $5,000 respectively.

Follow me on twitter:

Original reports:


Smuggler tool:


00:00 Intro
00:26 HTTP Request Smuggling
03:25 Slack’s report
06:30 Zomato’s report

Add comment

Your email address will not be published. Required fields are marked *