Parsing issue | Transfer-Encoding: chunked

I have a target endpoint which is up and running. When I try to map the endpoint on Apigee, I am getting a junk response with a 403 HTTP status code as follows:

muq_ash_0-1708508673694.png

My assumption as per this article is that the error is occurring because Apigee is unable to parse the Transfer-Encoding: chunked header. The response headers of the target are as follows:

 

muq_ash_2-1708508843994.png

If we are unable to remove the header or set it to any other value, what could be the workaround? How else can we get a 200 response from the target?



@muq_ash wrote:

I am getting a junk response with a 403 HTTP status code


It seems like the target is rejecting the authentication in the request sent from Apigee to the target. The response is not "junk"; it's a 403 response in HTML. And 403 means "Forbidden".

I don't know about the HTTP Smuggling exploit you cited. Why would you think that is relevant?

What authentication are you sending, and is it the correct authentication? Start by checking there.

Thank you @dchiesa1 for your response.

 

@dchiesa1 wrote:

Why would you think that is relevant? 


I encountered a similar issue due to the Transfer-Encoding: chunked header. When the header was removed from the target, I was able to get a successful response on Apigee.


@dchiesa1 wrote:

What authentication are you sending, and is it the correct authentication? Start by checking there.


There is no authentication implemented at the target. The service is exposed over the internet. I have developed a simple passthrough API without attaching any policies to test, and I am still getting a 403 error.

 

I am also sharing the API trace for more details:

muq_ash_0-1708583654493.png