Anthropic-Cybersecurity-Skills/skills/exploiting-http-request-smuggling/references/api-reference.md

API Reference: HTTP Request Smuggling Detection Agent

Dependencies

Library	Version	Purpose
requests	>=2.28	Architecture fingerprinting via HTTP headers
socket/ssl	stdlib	Raw HTTP request construction for smuggling probes

CLI Usage

python scripts/agent.py --url https://target.example.com/ --output smuggling.json

Functions

identify_architecture(url) -> dict

Sends a GET request and inspects Server, Via, X-Served-By, CF-Ray headers to identify proxy/CDN chain.

send_raw_request(host, port, request_bytes, use_ssl, timeout) -> tuple

Low-level socket send for crafting ambiguous HTTP requests. Returns (response_bytes, elapsed_seconds, error).

test_clte_detection(host, port, use_ssl) -> dict

Sends a CL.TE probe with mismatched Content-Length and incomplete chunked body. A response delay >5s suggests vulnerability.

test_tecl_detection(host, port, use_ssl) -> dict

Sends a TE.CL probe. Back-end reading Content-Length receives extra data that becomes the next request prefix.

test_te_te_detection(host, port, use_ssl) -> dict

Tests 5 Transfer-Encoding header obfuscation variants to detect differential parsing.

run_assessment(url) -> dict

Orchestrates all tests and compiles results.

Smuggling Types

Type	Front-End Uses	Back-End Uses	Detection
CL.TE	Content-Length	Transfer-Encoding	Time delay on incomplete chunk
TE.CL	Transfer-Encoding	Content-Length	Extra data becomes next request
TE.TE	Transfer-Encoding	Transfer-Encoding	Obfuscated TE header parsed differently

Output Schema

{
  "target": "https://target.example.com/",
  "architecture": {"server": "nginx", "cdn": "Cloudflare"},
  "tests": {"CL.TE": {"likely_vulnerable": false}, ...},
  "summary": {"clte_vulnerable": false, "tecl_vulnerable": false}
}