Application Security Terminology

Glossary


HTTP Request Smuggling

HTTP Request Smuggling exploits discrepancies in how two HTTP devices (typically a front-end proxy or HTTP-enabled firewall and a backend server) parse non-RFC-compliant HTTP requests. The technique is performed by sending multiple specially crafted HTTP requests that cause the two targeted devices to see two different sets of requests.


HTTP Request Smuggling enables an attacker to send one set of requests to the second device while the first device acts on a different set of requests. The attacker is “smuggling” a request to one device without the other device being aware of it.

This facilitates several possible exploits, such as partial cache poisoning, bypassing firewall protection, and cross-site scripting (XSS).