Hey Stackoverflow experts,
I'm wondering if a NodeJS/Express server is susceptible to "Request Smuggling", as read here:
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
And if so, how to mitigate it?
I'm not sure whether Node/Express has access to a chunked HTTP request, or only to the full request?
Anyone have any insight on this?
NodeJS applications are supposed to return '400' (a bad request) when dealing with both 'Transfer-Encoding' & 'Content-Length' in the same HTTP request. This is a good way to minimize the threat, but nothing is bullet proof.
The specification says that when a server is prompted with both headers, it should ignore 'Content-Length' and proceed with 'Transfer-Encoding', but this is not often the case, nor is it a good thing to do.
From what I can see in the wild, implementations can differ a lot, like a LOT. There is no single best way to deal with this problem. (That is one of the reasons why it is a very common flaw, which can be exploited easily by chaining it with other flaws in the system.)