False Negative with Scanner - Reopened

[Himself132]

Referring to #78 which was closed due to a lack of my response to your question.

Please load the old extension or look at the test cases I provided, the test cases that are being submitted with POST as the parent method and TRACE as the smuggled method are still not being tested so there are false negatives in the new version of the http smuggler extension, even one i just checked out today dated September 10, 2025.

I think HTTP method tests are going to hit entirely different code paths than an HTTP version check and potentially different portions of tech stacks supporting the HTTP traffic on the receiving side. So I'd suggest including both gadget tests and please incorporate the previous test cases I documented or that show up in the old extension?

[albinowax]

Would you be willing to email me the unredacted base request you're scanning and getting a false negative on? I can't easily take this further without details. You can find my email address on jameskettle.com

[Himself132]

I can provide whatever you need via email, yes

[albinowax]

Great, please send to to the email address listed on https://jameskettle.com/