Diff between HTTP Splitting and HTTP Smuggling?
Can anyone tell me how is HTTP Splitting different from HTTP Smuggling?
Thanks in advance.
Re: Diff between HTTP Splitting and HTTP Smuggling?
I had to wiki the smuggling up. (learning new things is fun)
Smuggleing appears seems like an attack on machines that exist between you and the server that originates the content. Where as Splitting you're attacking the server itself.
So in a smuggling attack, you can present a victim with malicious information without them even touching the server who's content that they really want.
In splitting, the server that originates the content is actually processing the malicious request, but the request is in a way such that the headers get messed up causing malicious content to be injected.