HTTP request smuggling bug patched in mitmproxy


HTTP request smuggling exploits take advantage of differences in how intermediary and backend servers handle requests to get around security restrictions, get unwanted access to sensitive data, or compromise other app users.

According to Maximilian Hils, the maintainer of mitmproxy, removing this type of vulnerability is difficult since it requires separate HTTP implementations (proxy and target server) to agree on a common interpretation of HTTP messages.

Read More…