I’m attempting to know extra about HTTP Request Smuggling and I’ve been studying this text (https://portswigger.web/web-security/request-smuggling). Content material-Size represents the size of the entity-body in bytes (https://developer.mozilla.org/en-US/docs/Internet/HTTP/Headers/Content material-Size) however the place does the counting begin?
Portswigger instance (CL.TE)
POST / HTTP/1.1 Host: vulnerable-website.com Content material-Size: 13 Switch-Encoding: chunked 0 SMUGGLED
How was 13 derived? If I rely the newlines earlier than Zero and between Zero and “SMUGGLED”, the overall is 12? Do I rely the newline after “Switch-Encoding: chunked” as nicely?
Portswigger instance (TE.CL)
POST / HTTP/1.1 Host: vulnerable-website.com Content material-Size: 3 Switch-Encoding: chunked 8 SMUGGLED 0
Equally, the place do I begin the counting?
Any assistance is appreciated.