<!DOCTYPE html>
<!--
This simple page calculates the Content-Length and chunked Transfer-Encoding values for a given request body, as an aid when testing for HTTP request smuggling.
https://portswigger.net/web-security/request-smuggling
-->
<html>
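<head>
  <!-- Declare the encoding explicitly so the pasted body is not reinterpreted by charset sniffing. -->
  <meta charset="utf-8">
  <title>Content-Length / chunked size calculator</title>
  <style>
    * {
      box-sizing: border-box;
    }
    /* Two fixed-width columns that float next to each other */
    .column {
      float: left;
      width: 300px;
      padding: 10px;
      word-wrap: break-word;
    }
    /* Clear the floats after the columns */
    .row:after {
      content: "";
      display: table;
      clear: both;
      white-space: pre;
    }
  </style>
</head>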
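<body>
  <form>
    <!-- The label now points at the textarea's id; the original "for" value matched no element. -->
    <p><label for="inputbox">Data:</label></p>
    <textarea id="inputbox" name="inputbox" rows="4" cols="50" placeholder="enter body here" autofocus></textarea>
    <br>
    <p>
      <!-- type="button" keeps the click from submitting the form; process() reads form.inputbox. -->
      <input type="button" name="button" value="Process" onclick="process(this.form)">
    </p>
  </form>
  <br>
  <!-- Output panes: process() replaces the innerHTML of #1 and #2, so anything written
       there must be HTML-escaped first. The text below is the initial empty-body state. -->
  <div class="row">
    <div id="1" class="column" style="background-color:#aaaccc;">
      Content-Length: 0
      <br><br>
    </div>
    <div id="2" class="column" style="background-color:#aaaaff;">
      Transfer-Encoding: chunked
      <br><br>
      0
      <br><br>
    </div>
  </div>
</body>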
<script>
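/**
 * HTML-escape text so it can be assigned to innerHTML and shown literally.
 *
 * As the original appears on this page, the replacement strings for "<" and ">"
 * are the bare characters themselves, so those two substitutions are no-ops and
 * markup in the pasted body would be parsed by the browser. "&" was not escaped
 * either, so entity-looking input was displayed decoded instead of verbatim.
 *
 * @param {string} data Raw text taken from the textarea.
 * @returns {string} The text with & < > " ' escaped and each "\n" turned into <br>.
 */
function clean(data) {
  return data
    // "&" must go first, otherwise the entities produced below get double-escaped.
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    // Line breaks are the only markup this helper is allowed to emit.
    .replace(/\n/g, '<br>');
}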
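/**
 * Recompute the Content-Length and chunked framing for the textarea body and
 * render both into the output panes (#1 and #2).
 *
 * @param {HTMLFormElement} form The form holding the "inputbox" textarea.
 */
function process(form){
  var data = form.inputbox.value;
  // textarea.value reports line breaks as "\n"; on the wire each one is CRLF.
  var wire = data.replace(/\n/g,'\r\n');
  // Content-Length and chunk sizes count octets. String.length counts UTF-16
  // code units, which under-reports any non-ASCII body, so measure the UTF-8
  // encoding instead.
  var l = new TextEncoder().encode(wire).length;
  var pane1 = document.getElementById(1);
  var pane2 = document.getElementById(2);
  if (l>0) {
    // innerHTML parses its input as markup: the body text must pass through
    // clean() and clean() must HTML-escape it; verify that helper before trusting this.
    var shown = clean(data);
    pane1.innerHTML = "Content-Length: " + l + "<br><br>" + shown + "<br><br>";
    pane2.innerHTML = "Transfer-Encoding: chunked<br><br>" + l.toString(16) + "<br>" + shown + "<br>0<br><br>";
  } else {
    // Empty body: restore the initial state instead of leaving stale output
    // from a previous run on screen.
    pane1.innerHTML = "Content-Length: 0<br><br>";
    pane2.innerHTML = "Transfer-Encoding: chunked<br><br>0<br><br>";
  }
}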
</script>
</html>