- Listen to our monthly AppSec Stats Flash podcast
- LEARN MORE
With this type of attack, the attacker attempts to insert additional HTTP requests in the body of the original (enveloping) HTTP request, causing the browser to interpret this as one request. In contrast, the webserver interprets it as two. The essence of the HTTP Request Splitting attack is the attacker's ability, once the victim's browser is forced to load the attacker's malicious HTML page, to manipulate one of the browser's functions to send two HTTP requests instead of one.