Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling

Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining. This is usually a false positive, but sometimes there's actually a real

---
来源: PortSwigger
原文链接: https://portswigger.net/research/how-to-distinguish-http-pipelining-from-request-smuggling