Web application security · request smuggling & desync research
I'm J707 — a web app pentester focused on HTTP desync and edge case parser discrepancies. BSCP-certified, bug-bounty background.
POST /login HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded Content-Length: 0 username=admin'--&password=x # security filter trusts the stated length, sees no body, skips inspection. Backend reads the socket and parses the body anyway
Experience
Several years of independent bug bounty work concentrated on web application security, with most of the PortSwigger Web Security Academy labs completed and a Burp Suite Certified Practitioner (BSCP) certification.
Tooling
http1.1
Scans a list of hosts for targets that are natively HTTP/1.1 and keep-alive friendly, the requirements for CSD.
recon_pipe.sh
Recon pipeline for subdomain discovery, DNS fingerprinting, and screenshotting live hosts.
Recent Writeups
Content-Length: 0 as a Body Inspection Bypass
Setting Content-Length to zero can get a security filter to skip inspecting the body while the backend still reads it.