This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you.
The easiest way to install this is in Burp Suite, via Extender -> BApp Store.
If you prefer to load the jar manually, in Burp Suite (community or pro), use Extender -> Extensions -> Add to load build/libs/http-request-smuggler-all.jar
- Turbo Intruder is a dependency of this project, add it to the root of this source tree as
turbo-intruder-all.jar - Build with
gradle build fatJar
Right click on a request and click 'Launch Desync probe', then watch the extension's output pane.
For more advanced use watch the video.
We've released free online labs to practise against.