{"id":1357,"date":"2024-06-28T01:26:17","date_gmt":"2024-06-28T01:26:17","guid":{"rendered":"https:\/\/hacking.cool\/?p=1357"},"modified":"2024-06-28T06:57:53","modified_gmt":"2024-06-28T06:57:53","slug":"http-request-smuggling-overview","status":"publish","type":"post","link":"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/","title":{"rendered":"HTTP Request Smuggling Overview"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"585\" src=\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5-1024x585.webp\" alt=\"\" class=\"wp-image-1361\" srcset=\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5-1024x585.webp 1024w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5-300x171.webp 300w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5-768x439.webp 768w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5-1536x878.webp 1536w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5.webp 1792w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>HTTP Request Smuggling occurs when an attacker exploits inconsistencies in how different web servers handle multiple HTTP requests sent in a single packet. This can lead to various types of attacks, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Session Hijacking:<\/strong> Hijacking other users&#8217; sessions by manipulating the way sessions are managed.<\/li>\n\n\n\n<li><strong>Cache Poisoning:<\/strong> Poisoning the web cache to serve malicious content to users.<\/li>\n\n\n\n<li><strong>Cross-Site Scripting (XSS):<\/strong> Injecting malicious scripts to be executed by users&#8217; browsers.<\/li>\n\n\n\n<li><strong>Bypassing Security Controls:<\/strong> Circumventing security mechanisms such as web application firewalls (WAFs).<\/li>\n<\/ul>\n\n\n\n<p>HTTP Request Smuggling typically exploits the difference in interpretation of Content-Length and Transfer-Encoding headers between two servers. By carefully crafting HTTP requests, attackers can trick one server into processing a request differently than another server, leading to unintended behaviors.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example Scenario<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Client to Proxy:<\/strong> The attacker sends an HTTP request to a proxy server (we may call it front-end server) with both <code>Content-Length<\/code> and <code>Transfer-Encoding: chunked<\/code> headers.<\/li>\n\n\n\n<li><strong>Proxy to Backend Server:<\/strong> The proxy might interpret the request using one of the headers (e.g., Content-Length), while the backend server interprets it using the other header (e.g., Transfer-Encoding).<\/li>\n\n\n\n<li><strong>Smuggled Request:<\/strong> This discrepancy can cause part of the request to be treated as a new, independent request by the backend server, thus &#8220;smuggling&#8221; the malicious request.<\/li>\n<\/ol>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"640\" src=\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/HTTPS_request_smuggling_____1-3-1024x640.webp\" alt=\"\" class=\"wp-image-1359\" style=\"aspect-ratio:1.6;width:706px;height:auto\" srcset=\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/HTTPS_request_smuggling_____1-3-1024x640.webp 1024w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/HTTPS_request_smuggling_____1-3-300x188.webp 300w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/HTTPS_request_smuggling_____1-3-768x480.webp 768w, https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/HTTPS_request_smuggling_____1-3.webp 1440w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>The way to detect this type of vulnerability is by craft HTTP requests with overlapping or conflicting headers and observe how they are processed by the web application.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example Payload<\/h3>\n\n\n\n<p>Here is an example of a crafted HTTP request to demonstrate HTTP Request Smuggling:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>POST \/ HTTP\/1.1\nHost: example.com\nContent-Length: 13\nTransfer-Encoding: chunked\n\n0\n\nPOST \/malicious HTTP\/1.1\nHost: example.com\nContent-Length: 5\n\nhello<\/code><\/pre>\n\n\n\n<p>In this example, if the proxy interprets the request as having a Content-Length of 13, but the backend server interprets it as chunked, the second <code>POST<\/code> request (<code>\/malicious<\/code>) may be processed as an independent request.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example Payload 2<\/h3>\n\n\n\n<p>Here is a more detailed look at the HTTP smuggling request:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>POST \/ HTTP\/1.1\nHost: vulnerable-website.com\nTransfer-Encoding: chunked\nContent-Length: 4\n\n1\nA\nX<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Headers Conflict<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Transfer-Encoding: chunked<\/strong>: Indicates that the body of the request will be sent in chunks.<\/li>\n\n\n\n<li><strong>Content-Length: 4<\/strong>: Specifies that the total length of the body is 4 bytes.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Breakdown of the Request Body<\/h3>\n\n\n\n<p>The body of the request looks like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>1\nA\nX<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Understanding Chunked Transfer Encoding<\/h4>\n\n\n\n<p>In chunked transfer encoding, the body is sent in a series of chunks. Each chunk begins with its size in hexadecimal, followed by the data, and ends with a carriage return and line feed (<code>\\r\\n<\/code>). The message ends with a chunk of size <code>0<\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Front-End Server Behavior<\/h4>\n\n\n\n<p>The front-end server processes the <code>Content-Length<\/code> header, meaning it expects the body to be exactly 4 bytes long. Here\u2019s how it processes the body:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>1<\/strong> (1 byte): Indicates the size of the first chunk.<\/li>\n\n\n\n<li><strong>A<\/strong> (1 byte): The actual data of the first chunk.<\/li>\n\n\n\n<li><strong>\\n<\/strong> (1 byte): The newline character indicating the end of the chunk.<\/li>\n\n\n\n<li><strong>X<\/strong> (1 byte): Extra data.<\/li>\n<\/ul>\n\n\n\n<p>Thus, the front-end server reads 4 bytes: <code>1<\/code>, <code>A<\/code>, <code>\\n<\/code>, and <code>X<\/code>. It forwards these 4 bytes to the back-end server.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Back-End Server Behavior<\/h4>\n\n\n\n<p>The back-end server processes the <code>Transfer-Encoding: chunked<\/code> header. It expects the body to be in chunks. Here\u2019s how it interprets the received body:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>1<\/strong> (1 byte): Indicates a chunk of 1 byte.<\/li>\n\n\n\n<li><strong>A<\/strong> (1 byte): The actual data of the chunk.<\/li>\n\n\n\n<li><strong>\\n<\/strong> (1 byte): End of the chunk.<\/li>\n<\/ul>\n\n\n\n<p>At this point, the back-end server expects either more chunks or the terminating chunk (<code>0\\r\\n<\/code>). However, because it received only the 4 bytes forwarded by the front-end server, it doesn&#8217;t receive the termination signal for the chunks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Properly Terminated Chunked Message<\/h3>\n\n\n\n<p>A properly terminated chunked message looks like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>1\\r\\n   \/\/ Chunk size (1 byte)\nA\\r\\n   \/\/ Chunk data\n0\\r\\n   \/\/ End of chunks (chunk size 0)\n\\r\\n    \/\/ End of message<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Resulting Behavior<\/h3>\n\n\n\n<p>Due to the conflict between the <code>Content-Length<\/code> and <code>Transfer-Encoding: chunked<\/code> headers, the following occurs:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Front-End Server<\/strong>: Reads and forwards exactly 4 bytes (<code>1A\\nX<\/code>) as per <code>Content-Length: 4<\/code>.<\/li>\n\n\n\n<li><strong>Back-End Server<\/strong>: Interprets the chunks but finds the message incomplete because it does not end with a <code>0\\r\\n<\/code> chunk, causing it to wait for more data.<\/li>\n<\/ol>\n\n\n\n<p>This mismatch causes the back-end server to wait indefinitely for the proper termination sequence, leading to an observable delay.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">References and Further Reading<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a>PortSwigger&#8217;s HTTP Request Smuggling<\/a><\/li>\n\n\n\n<li><a>OWASP HTTP Request Smuggling<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>HTTP Request Smuggling occurs when an attacker exploits inconsistencies in how different web servers handle multiple HTTP requests sent in a single packet. This can lead to various types of attacks, including: HTTP Request Smuggling typically exploits the difference in interpretation of Content-Length and Transfer-Encoding headers between two servers. By carefully crafting HTTP requests, attackers<span class=\"post-excerpt-end\">&hellip;<\/span><\/p>\n<p class=\"more-link\"><a href=\"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/\" class=\"themebutton\">Read More<\/a><\/p>\n","protected":false},"author":3,"featured_media":1361,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1357","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>HTTP Request Smuggling Overview - hacking.cool<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HTTP Request Smuggling Overview - hacking.cool\" \/>\n<meta property=\"og:description\" content=\"HTTP Request Smuggling occurs when an attacker exploits inconsistencies in how different web servers handle multiple HTTP requests sent in a single packet. This can lead to various types of attacks, including: HTTP Request Smuggling typically exploits the difference in interpretation of Content-Length and Transfer-Encoding headers between two servers. By carefully crafting HTTP requests, attackers&hellip;Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/\" \/>\n<meta property=\"og:site_name\" content=\"hacking.cool\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-28T01:26:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-28T06:57:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1792\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Atom\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Atom\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/#website\",\"url\":\"https:\/\/hacking.cool\/atomanya\/\",\"name\":\"hacking.cool\",\"description\":\"is the hacking school \ud83d\udc69\ud83c\udffb\u200d\ud83d\udcbb\ud83e\uddd1\ud83c\udffb\u200d\ud83d\udcbb\ud83d\uddfa\ud83d\udcda\ud83d\udcd6\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/hacking.cool\/atomanya\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/#primaryimage\",\"url\":\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5.webp\",\"contentUrl\":\"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5.webp\",\"width\":1792,\"height\":1024},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/\",\"url\":\"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/\",\"name\":\"HTTP Request Smuggling Overview - hacking.cool\",\"isPartOf\":{\"@id\":\"https:\/\/hacking.cool\/atomanya\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/#primaryimage\"},\"datePublished\":\"2024-06-28T01:26:17+00:00\",\"dateModified\":\"2024-06-28T06:57:53+00:00\",\"author\":{\"@id\":\"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/804a839cfa61d89d69fb2cf1d2f0adc2\"},\"breadcrumb\":{\"@id\":\"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/hacking.cool\/atomanya\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HTTP Request Smuggling Overview\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/804a839cfa61d89d69fb2cf1d2f0adc2\",\"name\":\"Atom\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ac4d05ec7d617e7f2dee5855900a855a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ac4d05ec7d617e7f2dee5855900a855a?s=96&d=mm&r=g\",\"caption\":\"Atom\"},\"url\":\"https:\/\/hacking.cool\/atomanya\/author\/atom\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HTTP Request Smuggling Overview - hacking.cool","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/","og_locale":"en_US","og_type":"article","og_title":"HTTP Request Smuggling Overview - hacking.cool","og_description":"HTTP Request Smuggling occurs when an attacker exploits inconsistencies in how different web servers handle multiple HTTP requests sent in a single packet. This can lead to various types of attacks, including: HTTP Request Smuggling typically exploits the difference in interpretation of Content-Length and Transfer-Encoding headers between two servers. By carefully crafting HTTP requests, attackers&hellip;Read More","og_url":"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/","og_site_name":"hacking.cool","article_published_time":"2024-06-28T01:26:17+00:00","article_modified_time":"2024-06-28T06:57:53+00:00","og_image":[{"width":1792,"height":1024,"url":"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5.webp","type":"image\/webp"}],"author":"Atom","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Atom","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/hacking.cool\/atomanya\/#website","url":"https:\/\/hacking.cool\/atomanya\/","name":"hacking.cool","description":"is the hacking school \ud83d\udc69\ud83c\udffb\u200d\ud83d\udcbb\ud83e\uddd1\ud83c\udffb\u200d\ud83d\udcbb\ud83d\uddfa\ud83d\udcda\ud83d\udcd6","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hacking.cool\/atomanya\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/#primaryimage","url":"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5.webp","contentUrl":"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5.webp","width":1792,"height":1024},{"@type":"WebPage","@id":"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/","url":"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/","name":"HTTP Request Smuggling Overview - hacking.cool","isPartOf":{"@id":"https:\/\/hacking.cool\/atomanya\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/#primaryimage"},"datePublished":"2024-06-28T01:26:17+00:00","dateModified":"2024-06-28T06:57:53+00:00","author":{"@id":"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/804a839cfa61d89d69fb2cf1d2f0adc2"},"breadcrumb":{"@id":"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hacking.cool\/atomanya\/http-request-smuggling-overview\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hacking.cool\/atomanya\/"},{"@type":"ListItem","position":2,"name":"HTTP Request Smuggling Overview"}]},{"@type":"Person","@id":"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/804a839cfa61d89d69fb2cf1d2f0adc2","name":"Atom","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hacking.cool\/atomanya\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ac4d05ec7d617e7f2dee5855900a855a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ac4d05ec7d617e7f2dee5855900a855a?s=96&d=mm&r=g","caption":"Atom"},"url":"https:\/\/hacking.cool\/atomanya\/author\/atom\/"}]}},"jetpack_featured_media_url":"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/06\/ef9a20c6-1638-4c5e-8049-cb04f67b80b5.webp","_links":{"self":[{"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/posts\/1357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/comments?post=1357"}],"version-history":[{"count":4,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/posts\/1357\/revisions"}],"predecessor-version":[{"id":1364,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/posts\/1357\/revisions\/1364"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/media\/1361"}],"wp:attachment":[{"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/media?parent=1357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/categories?post=1357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hacking.cool\/atomanya\/wp-json\/wp\/v2\/tags?post=1357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}