HTTP request smuggling

Chaim Linhart, Amit Klein, Ronen Heled, Steve Orrin

Research output: Contribution to specialist publicationArticle

3 Scopus citations


A new hacking technique HTTP request smuggling (HRS) and the damages that it can inflict, are discussed. HRS send multiple HTTP requests that cause two attacked devices to see different sets of requests, allowing the hacker to smuggle a request to one device without the other device being aware of it. The attacker can change the entries in the cache, so that an existing page would be cached under another page. It is also possible to exploit a vulnerability in the Web application to steal client credentials without the need to actually contact the client.

Original languageEnglish
Number of pages14
Specialist publicationComputer Security Journal
StatePublished - Dec 2006


Dive into the research topics of 'HTTP request smuggling'. Together they form a unique fingerprint.

Cite this