HTTP request smuggling exploits disagreement between a front-end proxy and a back-end server about where one request ends and the next begins. By crafting ambiguous Content-Length and Transfer-Encoding headers, an attacker can prepend a hidden request to another user's connection, enabling cache poisoning, request hijacking, and bypass of front-end access controls.
The HTTP Request Smuggling generator constructs both desync variants: CL.TE where the front-end uses Content-Length and the back-end uses Transfer-Encoding, and TE.CL where the roles reverse, plus TE.TE payloads that obfuscate the Transfer-Encoding header (for example Transfer-Encoding: xchunked or a space before the colon) to make one server ignore it.
When a front-end speaks HTTP/2 but downgrades to HTTP/1.1 for the back-end, it must rebuild headers and can reintroduce desync via H2.CL or H2.TE mismatches, or via CRLF injection in header values. The generator produces these downgrade payloads so you can test back-ends that are vulnerable only through the rewriting step.
Yes, it is free and assembles every raw request entirely in your browser, sending nothing to a server. Smuggling can disrupt shared infrastructure, so only fire these payloads at systems you own or are explicitly authorized to test under an engagement.