Web application security · request smuggling & desync research

I'm J707 — a web app pentester focused on HTTP desync and edge case parser discrepancies. BSCP-certified, bug-bounty background.

raw-socket.py TCP 443
POST /login HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 0

username=admin'--&password=x
# security filter trusts the stated length, sees no body, skips inspection. Backend reads the socket and parses the body anyway

Experience

Several years of independent bug bounty work concentrated on web application security, with most of the PortSwigger Web Security Academy labs completed and a Burp Suite Certified Practitioner (BSCP) certification.

Tooling

http1.1

Scans a list of hosts for targets that are natively HTTP/1.1 and keep-alive friendly, the requirements for CSD.

recon_pipe.sh

Recon pipeline for subdomain discovery, DNS fingerprinting, and screenshotting live hosts.

Recent Writeups

Content-Length: 0 as a Body Inspection Bypass

Setting Content-Length to zero can get a security filter to skip inspecting the body while the backend still reads it.

View all writeups →

Contact

Email — email
GitHubgithub.com/yourhandle
LinkedInlinkedin.com/in/yourhandle