add AutoChunk httpsender script

[nmwafa]

this script is used to correct the wrong chunk data format when sending requests. it can be used for testing HTTP request smuggling.

[psiinon]

Checkmarx One – Scan Summary & Details – d3057970-e83f-4880-b44a-53d6a8bb9c39

Great job! No new security vulnerabilities introduced in this pull request

---

Communicate with Checkmarx by submitting a PR comment with @Checkmarx followed by one of the supported commands. Learn about the supported commands here.

[psiinon]

@nmwafa can you explain when this script could or should be used?
Are you saying that ZAP is sending the wrong chunk data in some circumstances?

[nmwafa]

@nmwafa can you explain when this script could or should be used? Are you saying that ZAP is sending the wrong chunk data in some circumstances?

I have once asked about this in the group on Google.
https://groups.google.com/g/zaproxy-users/c/RBcmvt9KMks/m/EqXZQOFNCAAJ

[thc202]

It's well known that the text editor does not display CR, still you can craft payloads with CRs (in HEX view or other editor and paste to ZAP) without resorting to this script.

[nmwafa]

@thc202 I have tried copying and pasting from another editor and ensured that the CRLF is correct, but Zap removes the CR. It can only be modified through HEX (which is quite a hassle for me).