0

For testing purposes I want to make some invalid HTTP requests, e.g. Content-Length header smaller than the real body size and also the other way (Content-Length header larger than the real body size).

I tried with the .NET HttpClient, but the client does some checks on it's client side, so I end up with

System.Net.Http.HttpRequestException: Unable to write content to request stream; content would exceed Content-Length.

respectively

System.Net.Http.HttpRequestException: Unable to write content to request stream; content would exceed Content-Length.

Any way to turn this checks of or any HttpClient implementations for C#/.NET that just do what I want?

stefan.at.kotlin
  • 15,347
  • 38
  • 147
  • 270
  • Why are you writing a test-case for this scenario? I don't feel it's worth anyones' time because in production the parent webserver host (e.g. IIS), or its reverse-proxy, load-balancer, or WAF is going to filter-out invalid requests like these long before they hit your application code. Do you have an _evidence-based_ reason for wanting this test? – Dai Jul 01 '23 at 19:33
  • I want to check if the server really does that check. – stefan.at.kotlin Jul 01 '23 at 19:43
  • ...but _why_, though? I just don't think this is a good use of your time... – Dai Jul 01 '23 at 19:56
  • Actually, testing for vulnerabilities like http request smuggling is a very real usecase. – Gabor Lengyel Jul 01 '23 at 23:27

0 Answers0