Http11Probe

TE-VTAB

Test ID SMUG-TE-VTAB
Category Smuggling
RFC RFC 9110 §5.5, RFC 9112 §6.1
Requirement MUST reject invalid transfer-coding token
Expected 400 or close

What it sends

Transfer-Encoding: <VTAB>chunked with Content-Length present.

POST / HTTP/1.1\r\n
Host: localhost:8080\r\n
Transfer-Encoding: \x0bchunked\r\n
Content-Length: 5\r\n
\r\n
hello

Why it matters

Control-character obfuscation is a known TE parsing differential. One hop can reject while another normalizes and parses differently.

Sources

Http11Probe — HTTP/1.1 compliance & smuggling testerSource on GitHub