> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# HTTP Request Smuggling

> Recursos cross-platform para HTTP Request Smuggling: máquinas HTB, labs PortSwigger y rooms TryHackMe curados, con writeups validados y skills relacionadas.

# HTTP Request Smuggling

Esta página agrega los **recursos para practicar HTTP Request Smuggling** de forma cross-platform: máquinas retiradas de Hack The Box, labs de PortSwigger Web Security Academy y rooms de TryHackMe, más recursos curados (HackTricks, PortSwigger, etc.) y skills relacionadas.

## Recursos curados

| Fuente      | Enlace                                                                                                           |
| ----------- | ---------------------------------------------------------------------------------------------------------------- |
| PortSwigger | [https://portswigger.net/web-security/request-smuggling](https://portswigger.net/web-security/request-smuggling) |

## Máquinas HTB que practican HTTP Request Smuggling (1)

| Máquina                                 | SO    | Dificultad                                           |
| --------------------------------------- | ----- | ---------------------------------------------------- |
| [Sink](/htb/machines/linux/insano/sink) | Linux | <span className="dbadge dbadge-insane">INSANE</span> |

## Labs PortSwigger que practican HTTP Request Smuggling (16)

| Lab                                                                                                                                                                            | Dificultad                                                 | Topic                  | Oficial                                                                                                                                |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------- | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
| [0.CL request smuggling](/portswigger/labs/request-smuggling/advanced-request-smuggling-0cl-request-smuggling)                                                                 | <span className="dbadge dbadge-easy">APPRENTICE</span>     | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-0cl-request-smuggling)                   |
| [Exploiting HTTP request smuggling to perform web cache deception](/portswigger/labs/request-smuggling/exploiting-perform-web-cache-deception)                                 | <span className="dbadge dbadge-easy">APPRENTICE</span>     | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/exploiting/lab-perform-web-cache-deception)                             |
| [Exploiting HTTP request smuggling to perform web cache poisoning](/portswigger/labs/request-smuggling/exploiting-perform-web-cache-poisoning)                                 | <span className="dbadge dbadge-easy">APPRENTICE</span>     | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/exploiting/lab-perform-web-cache-poisoning)                             |
| [Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE vulnerability](/portswigger/labs/request-smuggling/exploiting-bypass-front-end-controls-cl-te) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/exploiting/lab-bypass-front-end-controls-cl-te)                         |
| [Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability](/portswigger/labs/request-smuggling/exploiting-bypass-front-end-controls-te-cl) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/exploiting/lab-bypass-front-end-controls-te-cl)                         |
| [Exploiting HTTP request smuggling to capture other users' requests](/portswigger/labs/request-smuggling/exploiting-capture-other-users-requests)                              | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/exploiting/lab-capture-other-users-requests)                            |
| [Exploiting HTTP request smuggling to deliver reflected XSS](/portswigger/labs/request-smuggling/exploiting-deliver-reflected-xss)                                             | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/exploiting/lab-deliver-reflected-xss)                                   |
| [Exploiting HTTP request smuggling to reveal front-end request rewriting](/portswigger/labs/request-smuggling/exploiting-reveal-front-end-request-rewriting)                   | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/exploiting/lab-reveal-front-end-request-rewriting)                      |
| [H2.CL request smuggling](/portswigger/labs/request-smuggling/advanced-request-smuggling-h2-cl-request-smuggling)                                                              | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-cl-request-smuggling)                 |
| [HTTP request smuggling, basic CL.TE vulnerability](/portswigger/labs/request-smuggling/basic-cl-te)                                                                           | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te)                                                        |
| [HTTP request smuggling, basic TE.CL vulnerability](/portswigger/labs/request-smuggling/basic-te-cl)                                                                           | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/lab-basic-te-cl)                                                        |
| [HTTP request smuggling, confirming a CL.TE vulnerability via differential responses](/portswigger/labs/request-smuggling/finding-confirming-cl-te-via-differential-responses) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/finding/lab-confirming-cl-te-via-differential-responses)                |
| [HTTP request smuggling, confirming a TE.CL vulnerability via differential responses](/portswigger/labs/request-smuggling/finding-confirming-te-cl-via-differential-responses) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/finding/lab-confirming-te-cl-via-differential-responses)                |
| [HTTP request smuggling, obfuscating the TE header](/portswigger/labs/request-smuggling/obfuscating-te-header)                                                                 | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/lab-obfuscating-te-header)                                              |
| [HTTP/2 request smuggling via CRLF injection](/portswigger/labs/request-smuggling/advanced-request-smuggling-h2-request-smuggling-via-crlf-injection)                          | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-smuggling-via-crlf-injection) |
| [HTTP/2 request splitting via CRLF injection](/portswigger/labs/request-smuggling/advanced-request-smuggling-h2-request-splitting-via-crlf-injection)                          | <span className="dbadge dbadge-medium">PRACTITIONER</span> | HTTP Request Smuggling | [Abrir](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-splitting-via-crlf-injection) |

## Rooms TryHackMe que practican HTTP Request Smuggling (3)

| Room                                                                 | Dificultad                                         | Tipo        | Acceso  | Oficial                                                   |
| -------------------------------------------------------------------- | -------------------------------------------------- | ----------- | ------- | --------------------------------------------------------- |
| [HTTP Request Smuggling](/tryhackme/rooms/httprequestsmuggling)      | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Abrir](https://tryhackme.com/room/httprequestsmuggling)  |
| [Request Smuggling: WebSockets](/tryhackme/rooms/wsrequestsmuggling) | <span className="dbadge dbadge-easy">MEDIUM</span> | Walkthrough | 🔵 VIP  | [Abrir](https://tryhackme.com/room/wsrequestsmuggling)    |
| [HTTP/2 Request Smuggling](/tryhackme/rooms/http2requestsmuggling)   | <span className="dbadge dbadge-easy">HARD</span>   | Walkthrough | 🟢 Free | [Abrir](https://tryhackme.com/room/http2requestsmuggling) |

***

← [Volver al glosario completo](/glosario)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"HTTP Request Smuggling","termCode":"request-smuggling","inLanguage":"es","url":"https://rootea.es/skills/request-smuggling","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Glosario táctico de pentesting","url":"https://rootea.es/glosario"}}`}
</script>

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"ItemList","name":"Máquinas HTB que practican HTTP Request Smuggling","numberOfItems":1,"itemListElement":[{"@type":"ListItem","position":1,"url":"https://rootea.es/htb/machines/linux/insano/sink","name":"Sink"}]}`}
</script>

*Última actualización: 2026-06-07*
