HTTP request smuggling is an attack that exploits a disagreement between a front-end server (reverse proxy, load balancer, CDN) and the back-end server about where one HTTP request ends and the next one begins, typically by sending both a Content-Length and a Transfer-Encoding: chunked header so that the two hops compute different message lengths and the leftover bytes are prepended to the next user's request. It was originally documented in 2005 and was rediscovered and popularised by PortSwigger in 2019. In the video I present and explain two HackerOne reports that show how a bug hunter hacked Slack and Zomato, earning $6,500 and $5,000 respectively.
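The parsing disagreement described above, as an added example that is not code from the video, from the HackerOne reports, or from the smuggler tool. Both "servers" are hypothetical stand-ins: the front end honours Content-Length, the back end honours Transfer-Encoding: chunked (the CL.TE case), and the attacker request and victim request are constructed inline. It also includes the check a front end should apply: a request carrying both length headers is ambiguous and should be rejected or normalised before forwarding.

```python
"""
Added example (not from the video or the original reports): a minimal
simulation of a CL.TE desync, the parsing disagreement behind HTTP request
smuggling. frontend_cl / backend_te are hypothetical parsers, not any
real server's code.
"""


def _parse(raw: bytes):
    """Split a raw HTTP/1.1 request into (request_line, headers, body_bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def frontend_cl(raw: bytes):
    """Front end that trusts Content-Length. Returns (body, leftover_bytes)."""
    _, headers, body = _parse(raw)
    n = int(headers.get(b"content-length", b"0"))
    return body[:n], body[n:]


def backend_te(raw: bytes):
    """Back end that trusts Transfer-Encoding: chunked. Returns (body, leftover_bytes)."""
    _, headers, body = _parse(raw)
    if headers.get(b"transfer-encoding", b"").lower() != b"chunked":
        return frontend_cl(raw)
    decoded = b""
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)  # chunk-size; ignore chunk extensions
        pos = eol + 2
        if size == 0:
            # last-chunk; this simulation expects no trailers, just the final CRLF
            if body[pos:pos + 2] == b"\r\n":
                pos += 2
            break
        decoded += body[pos:pos + size]
        pos += size + 2  # skip the chunk data and its trailing CRLF
    # Anything after the terminating chunk stays on the connection and becomes
    # the start of whatever request arrives next: this is the smuggled prefix.
    return decoded, body[pos:]


def is_ambiguous(raw: bytes) -> bool:
    """Defensive check: both framing headers on one request is the situation
    RFC 2616 section 4.4 warns about; a front end should reject or normalise it."""
    _, headers, _ = _parse(raw)
    return b"content-length" in headers and b"transfer-encoding" in headers


# Constructed attacker request: the chunked body terminates immediately, then a
# single stray byte "G" that only the Content-Length parser counts as body.
SMUGGLED = b"G"
ATTACK_BODY = b"0\r\n\r\n" + SMUGGLED
ATTACK = (
    b"POST / HTTP/1.1\r\n"
    + b"Host: example.test\r\n"
    + b"Content-Length: " + str(len(ATTACK_BODY)).encode() + b"\r\n"
    + b"Transfer-Encoding: chunked\r\n"
    + b"\r\n"
    + ATTACK_BODY
)

# Constructed request from the next user sharing the same back-end connection.
VICTIM = b"POST /victim HTTP/1.1\r\nHost: example.test\r\nContent-Length: 0\r\n\r\n"


def poisoned_request_line() -> bytes:
    """The request line the back end sees at the start of the *victim's* request."""
    _, leftover = backend_te(ATTACK)
    return _parse(leftover + VICTIM)[0]


if __name__ == "__main__":
    print("front end forwards   :", frontend_cl(ATTACK))
    print("back end leaves over :", backend_te(ATTACK)[1])
    print("victim request line  :", poisoned_request_line())
    print("request is ambiguous :", is_ambiguous(ATTACK))
```

Run stand-alone, the front end forwards all six body bytes as one request, the back end consumes only the empty chunked body and leaves the "G" on the connection, and the victim's request line turns into GPOST /victim HTTP/1.1, which is the "unrecognised method GPOST" signature the canonical CL.TE probe looks for. The TE.CL variant is the mirror image: swap which hop trusts which header.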
Follow me on Twitter:
https://twitter.com/gregxsunday
Original reports:
https://hackerone.com/reports/737140
https://hackerone.com/reports/771666
Reporter:
https://hackerone.com/defparam
Smuggler tool:
https://github.com/defparam/smuggler
RFC:
https://tools.ietf.org/html/rfc2616#section-4.4
Timestamps:
00:00 Intro
00:26 HTTP Request Smuggling
03:25 Slack’s report
06:30 Zomato’s report