I am currently trying to learn HTTP Request Smuggling vulnerability to furthermore enhance my pen testing skill. I have watched a couple of videos on Youtube and read articles online regarding it but still have a couple of questions in mind. Question:
- What are the attack vectors of HTTP Req Smuggling (Where should I look)?
- What is the main way to provide PoC to companies with high traffic? I know that HTTP Smuggling could possibly steal people’s cookie, can this be used for the PoC or is this illegal?
- Can this or other vulnerability be chained together? (e.g. self-xss & csrf)
Thank you everyone!