> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# HTTP Request Smuggling

> Cross-platform resources for HTTP Request Smuggling: curated HTB machines, PortSwigger labs and TryHackMe rooms with validated writeups and related skills.

# HTTP Request Smuggling

This page aggregates **cross-platform resources to practice HTTP Request Smuggling**: retired Hack The Box machines, PortSwigger Web Security Academy labs and TryHackMe rooms, plus curated resources (HackTricks, PortSwigger, etc.) and related skills.

## Curated resources

| Source      | Link                                                                                                             |
| ----------- | ---------------------------------------------------------------------------------------------------------------- |
| PortSwigger | [https://portswigger.net/web-security/request-smuggling](https://portswigger.net/web-security/request-smuggling) |

## HTB machines practicing HTTP Request Smuggling (1)

| Machine                                    | OS    | Difficulty                                           |
| ------------------------------------------ | ----- | ---------------------------------------------------- |
| [Sink](/en/htb/machines/linux/insano/sink) | Linux | <span className="dbadge dbadge-insane">INSANE</span> |

## PortSwigger labs practicing HTTP Request Smuggling (16)

| Lab                                                                                                                                                                               | Difficulty                                                 | Topic                  | Official                                                                                                                              |
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
| [0.CL request smuggling](/en/portswigger/labs/request-smuggling/advanced-request-smuggling-0cl-request-smuggling)                                                                 | <span className="dbadge dbadge-easy">APPRENTICE</span>     | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-0cl-request-smuggling)                   |
| [Exploiting HTTP request smuggling to perform web cache deception](/en/portswigger/labs/request-smuggling/exploiting-perform-web-cache-deception)                                 | <span className="dbadge dbadge-easy">APPRENTICE</span>     | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/exploiting/lab-perform-web-cache-deception)                             |
| [Exploiting HTTP request smuggling to perform web cache poisoning](/en/portswigger/labs/request-smuggling/exploiting-perform-web-cache-poisoning)                                 | <span className="dbadge dbadge-easy">APPRENTICE</span>     | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/exploiting/lab-perform-web-cache-poisoning)                             |
| [Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE vulnerability](/en/portswigger/labs/request-smuggling/exploiting-bypass-front-end-controls-cl-te) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/exploiting/lab-bypass-front-end-controls-cl-te)                         |
| [Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability](/en/portswigger/labs/request-smuggling/exploiting-bypass-front-end-controls-te-cl) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/exploiting/lab-bypass-front-end-controls-te-cl)                         |
| [Exploiting HTTP request smuggling to capture other users' requests](/en/portswigger/labs/request-smuggling/exploiting-capture-other-users-requests)                              | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/exploiting/lab-capture-other-users-requests)                            |
| [Exploiting HTTP request smuggling to deliver reflected XSS](/en/portswigger/labs/request-smuggling/exploiting-deliver-reflected-xss)                                             | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/exploiting/lab-deliver-reflected-xss)                                   |
| [Exploiting HTTP request smuggling to reveal front-end request rewriting](/en/portswigger/labs/request-smuggling/exploiting-reveal-front-end-request-rewriting)                   | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/exploiting/lab-reveal-front-end-request-rewriting)                      |
| [H2.CL request smuggling](/en/portswigger/labs/request-smuggling/advanced-request-smuggling-h2-cl-request-smuggling)                                                              | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-cl-request-smuggling)                 |
| [HTTP request smuggling, basic CL.TE vulnerability](/en/portswigger/labs/request-smuggling/basic-cl-te)                                                                           | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te)                                                        |
| [HTTP request smuggling, basic TE.CL vulnerability](/en/portswigger/labs/request-smuggling/basic-te-cl)                                                                           | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/lab-basic-te-cl)                                                        |
| [HTTP request smuggling, confirming a CL.TE vulnerability via differential responses](/en/portswigger/labs/request-smuggling/finding-confirming-cl-te-via-differential-responses) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/finding/lab-confirming-cl-te-via-differential-responses)                |
| [HTTP request smuggling, confirming a TE.CL vulnerability via differential responses](/en/portswigger/labs/request-smuggling/finding-confirming-te-cl-via-differential-responses) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/finding/lab-confirming-te-cl-via-differential-responses)                |
| [HTTP request smuggling, obfuscating the TE header](/en/portswigger/labs/request-smuggling/obfuscating-te-header)                                                                 | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/lab-obfuscating-te-header)                                              |
| [HTTP/2 request smuggling via CRLF injection](/en/portswigger/labs/request-smuggling/advanced-request-smuggling-h2-request-smuggling-via-crlf-injection)                          | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-smuggling-via-crlf-injection) |
| [HTTP/2 request splitting via CRLF injection](/en/portswigger/labs/request-smuggling/advanced-request-smuggling-h2-request-splitting-via-crlf-injection)                          | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Open](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-splitting-via-crlf-injection) |

## TryHackMe rooms practicing HTTP Request Smuggling (3)

| Room                                                                    | Difficulty                                         | Type        | Access  | Official                                                 |
| ----------------------------------------------------------------------- | -------------------------------------------------- | ----------- | ------- | -------------------------------------------------------- |
| [HTTP Request Smuggling](/en/tryhackme/rooms/httprequestsmuggling)      | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/httprequestsmuggling)  |
| [Request Smuggling: WebSockets](/en/tryhackme/rooms/wsrequestsmuggling) | <span className="dbadge dbadge-easy">MEDIUM</span> | Walkthrough | 🔵 VIP  | [Open](https://tryhackme.com/room/wsrequestsmuggling)    |
| [HTTP/2 Request Smuggling](/en/tryhackme/rooms/http2requestsmuggling)   | <span className="dbadge dbadge-easy">HARD</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/http2requestsmuggling) |

***

← [Back to the full glossary](/en/glossary)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"HTTP Request Smuggling","termCode":"request-smuggling","inLanguage":"en","url":"https://rootea.es/en/skills/request-smuggling","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Tactical pentesting glossary","url":"https://rootea.es/en/glossary"}}`}
</script>

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"ItemList","name":"HTB machines practicing HTTP Request Smuggling","numberOfItems":1,"itemListElement":[{"@type":"ListItem","position":1,"url":"https://rootea.es/en/htb/machines/linux/insano/sink","name":"Sink"}]}`}
</script>

*Last updated: 2026-06-07*
