Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please tell me if there are any standards for the design strategy of the cases and what is the reason for still reporting "OK" despite the response code being 200 #34

Open
sunnie-star opened this issue Jan 14, 2025 · 0 comments
Open

Please tell me if there are any standards for the design strategy of the cases and what is the reason for still reporting "OK" despite the response code being 200 #34

sunnie-star opened this issue Jan 14, 2025 · 0 comments

Comments

@sunnie-star
Copy link

Thank you very much for your work. I have two questions that I would like to ask you. Could you please answer them? Thank you very much!

Q1: Different agents may have different strategies for parsing headers and handling TE CL. How to design cases that are not too aggressive, but can truly intercept the risk of smuggling vulnerabilities

Q2: When I was testing the HTTP smuggling vulnerability interception function of my web server, when the response code was 200, there was no potential risk of displaying tecl or clte by this tool. However, if the interception was successful, it should be a response of 400 bad request. Could you please explain why the tool only displays tecl or clte risk when timeout according to your code?
image

Thank you very much again!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sunnie-star