Hey everyone! Check out this playlist for all my solutions to the HTTP Request Smuggling labs from PortSwigger - 👀 kzbin.info/aero/PLGb2cDlBWRUX1_7RAIjRkZDYgAB3VbUSw Here are the timestamps for this video - ⏱ 00:00 - Intro 00:25 - Confirm the HTTP/2 to HTTP/1.1 CRLF injection vulnerability 03:35 - Start poisoning the response queue to leak the admin's session cookie

Your HTTP request smuggling videos contains, by far the best explanation on the topic. Thank you for making this.

Nice Jarno! At this rate you're going to cover all the academy's request smuggling labs. 😂

Hi Jarno, nice demonstration of this one, i still don't get a few things: 1. If this response splitting is based on response queue poisoning, why is the first request at :path /"arbitrarytexthere" being send as the response for the next request? I thought this is a normal request being made? The response queue poisoning lab request 404 response only triggers with the first smuggled GET request? 2. Why do we need to specify the second GET request with arbitrary text only then it would redirect us to the administrators page? Why this one did not get triggered if we put the /admin path as the second GET request? Your help is kindly appreciated. You're my savior 😂

Super!! but below are not correct yeah Timestamps: 00:00 - Intro 00:25 - Confirm the H2.TE CRLF injection vulnerability 05:00 - Explore the Search endpoint 06:29 - Smuggle the Search Request 08:12 - Capture our victim's request

🔥🔥🔥🔥🔥🔥

Thanks sir you save my laptop display 🥲🔥🔥