Now as we see imagine we have this website

so let’s open our burpsuite and intercept this request

as we see i requested the main page and the response was 200 ok so let’s change the request method to post

as we see again i made a post request to the main page and got 200 ok response but notice the new header which is the Content-Length Header

now let’s try to add another mechanism called Transfer-Encoding and set it’s value to chunked

as we can see i added the transfer encoding header and set it’s value to chunked and add some other data so let’s analyze it

0 --> is used for termination on the first request and the begining of the smuggled one

GET /404 HTTP/1.1
X-Ignore: x 
this is the smuggled request which will be send to the backend server

so notice the response before sending the modified request it was 200 ok so let’s send this request

as we can see the we got 404 not found so we achieved our goal so let’s check if the lab solved

as we see we made it !