Tagged: request-smuggling

Request smuggling: how HTTP/1.1 desync attacks exploit parser disagreement

Traces how HTTP/1.1's two ways of measuring a request body let a front-end and back-end disagree on where one request ends, how CL.TE and TE.CL desync turns that into socket poisoning, and what actually fixes it.

web-security http request-smuggling

Sun, November 23, 2025 · 21 min read

HTTP/2 downgrade smuggling and the desync that survived the upgrade

Traces how HTTP/2-to-HTTP/1.1 downgrading reintroduces request smuggling through H2.CL and H2.TE desync, why a binary length field stops protecting the message the moment an edge rewrites it, and what 2025 research showed is still unfixed.

web-security http2 request-smuggling

Sat, November 22, 2025 · 21 min read