It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you.
Install Http Request Smuggler
The easiest way to install this is in Burp Suite, via Extender -> BApp Store.
If you prefer to load the jar manually, in Burp Suite (community or pro), use Extender -> Extensions -> Add to load
- Turbo Intruder is a dependency of this project, add it to the root of this source tree as
- Build with
Right click on a request and click ‘Launch Desync probe’, then watch the extension’s output pane under
Extender->Extensions->HTTP Request Smuggler
If you’re using Burp Pro, any findings will also be reported as scan issues.