te0-request-smuggling
OfficialDetect elusive TE.0 HTTP request smuggling flaws.
System Documentation
What problem does it solve?
Standard HTTP request smuggling probes for CL.TE and TE.CL variants fail to detect TE.0 smuggling, a vulnerability that occurs when a front-end reverse proxy processes Transfer-Encoding chunked requests but the back-end server entirely ignores the Transfer-Encoding header, leaving the attack undetected by conventional testing methods.
Core Features & Use Cases
- Specialized TE.0 Probe: Includes a crafted HTTP request designed to trigger TE.0 smuggling behavior in vulnerable reverse proxy and backend architectures.
- Exploitation Indicators: Provides clear signs of successful smuggling, including response poisoning, unexpected redirects to attacker-controlled domains, and cross-user session data leakage.
- Common Target Coverage: Targets prevalent vulnerable configurations including Google Cloud-hosted applications, AWS ALB deployments, and misconfigured nginx backends.
- Use Case: Use this skill during web application penetration tests to identify high-severity HTTP request smuggling vulnerabilities that evade standard detection tools.
Quick Start
Use the te0-request-smuggling skill to test a reverse proxy and backend web application for TE.0 request smuggling vulnerabilities after standard CL.TE and TE.CL probes have returned no findings.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: te0-request-smuggling Download link: https://github.com/dreadnode/capabilities/archive/main.zip#te0-request-smuggling Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.