Burp certification - unable to validate 7/7 specific labs, stuck at 6/7

- 23/23 lab of each subject - 5/5 mystery labs - 1/1 practice exam However, I'm stuck with 6/7 … I've done 3 times each of these specific labs, I'm still stuck at 6/7.

Exploiting PHP deserialization with a pre-built gadget chain - getting error

Symfony Version: 4.3.6 PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Thanks

Windows 7

What is the latest version of Burp Suite Pro Comaptible with Windows 7 SP1?

Hi, The latest version of Burp Professional (2020.12) should be compatible with Windows 7 SP1 as long

Lab: Modifying serialized data types - Debug dumps tokens

p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7

No more activation allowed for this license

ライセンスキーを入力後、以下メッセージが出力します。 "No more activation allowed for this license" サポートをお願いいたします。

PHP deserialization: Signature does not match

receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2

No more activation allowed for this license

ライセンスキーを入力後、以下メッセージが出力します。 "No more activation allowed for this license" サポートをお願いいたします。

BurpSuite Pro導入済端末からライセンス登録されているユーザ情報の確認

BurpSuite Pro導入済の端末が紐づけられているライセンスのユーザを確認したいです。 どのような手順でライセンスを保持しているユーザを確認するすることができるでしょうか。

Lab: Exploiting HTTP request smuggling to capture other users' requests-- not solving

HTTP/1.1 Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 277 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded … Cookie: session=iHYDUuNmTs9b7ShaCEmRBOelvPziCAjp csrf=uWmPlPe18wP9v3eDxqZ9LX5xhe6nez67&postId=7&

No more activation allowed for this license

ライセンスキーを入力後、以下メッセージが出力します。 "No more activation allowed for this license" サポートをお願いいたします。

Lab: Modifying serialized data types

PHP Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 … Stack trace: #0 {main} thrown in /var/www/index.php on line 7" What is it that i'm doing wrong?

Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 … Stack trace: #0 {main} thrown in /var/www/index.php on line 7" The /admin/delete?

PHP Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 … Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Can anyone help me?

PHP Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 … Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Can anyone help me?

74%39 Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 ??

this error: Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 Then, what I did is:

Modifying serialized objects" PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 echo "O:4:"User":2

Request Smuggling - Lab does not work

0a5900b7040dfb4fc1db8f1c005d0093.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded … HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 999 Cookie: session=16gRRn6OyG4I9nMQgFEQ1IzbXd7CNPE8 csrf=3fpHaW38HOFKvaNEitgqJWqjvADUgNAM&postId=7&

HTTP/1.1 Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

OpenJDK 7 Multiple Vulnerabilities

The version of OpenJDK installed on the remote host is prior to 7 <= 7u351 / 8 <= 8u342 / 11.0.0 <= 11.0.16

1.7.17

Windows 7, full exe install

varfile for unattended installs

That should read RHEL 7

Cant intercept request in Android 7

So I've installed cert in system root device. i can see PortSwigger in System Trusted credentials. I've set proxy in burp suite with port 8080 and bind to address all interfaces. I've set proxy in my emulator with ip address...

Burp crashes, asking for license key on relaunch

x64 Windows 7.

Burp UI not working in CentOS 7

The AWS instance has CentOS 7 operating system.

HTTP Request Smuggling

responses" is given as "POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … server was given as "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … should be like this: "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Content-Length: 146 x=POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Lab Login Not Working

HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, obfuscating the TE header

POST / HTTP/1.1 Host: my host.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, basic TE.CL vulnerability

i sent: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: CSRF where token is tied to non-session cookie

Cookie: session=**************; csrfKey=************************* Content-Type: application/x-www-form-urlencoded … session=*******************; csrfKey=<<"obtained CSRF cookie HERE">> Content-Type: application/x-www-form-urlencoded … ****; csrfKey=*************************** Referer: https://LAB_ID.web-security-academy.net/ 7.

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 71 POST /admin HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded

Not possible to disable "Update Content-Length"

HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP Request Smuggling

portwigger: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

ca certificate

The URL is http://burp/ - there's no www.

LAB: Exploiting HTTP request smuggling to reveal front-end request rewriting

HTTP/1.1 Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net Content-Type: application/x-www-form-urlencoded … username=carlos HTTP/1.1 X-ayZFvQ-Ip: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length

Incorrect path reported in target sitemap

are probably problematic too), for example '<link rel="stylesheet" href="あ/style.css" />': # mkdir www … meta charset="utf-8"><link rel="stylesheet" href="あ/style.css" /></head><body>test</body></html>' > www … /www:/usr/share/nginx/html:ro -p 5000:80 -d nginx 2) browse through Burp to the created webpage (http … java.runtime.name OpenJDK Runtime Environment java.runtime.version 21.0.4+7- … https://github.com/adoptium/adoptium-support/issues java.vendor.version Temurin-21.0.4+7

vulnerable yes or no

POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1 Host: www.---------.com Origin: http://example.com … : */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded … Content-Length: 1410 Origin: https://www.--------.com Connection: close Referer: https://www.realself.com

Lab 1 Directory traversal(File path traversal, simple case)

3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www … /image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal

Lab: HTTP request smuggling, basic TE.CL vulnerability

provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

0, which is the size of the next chunk in bytes): 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Error In php Code

is-warning>PHP Fatal error: Uncaught Exception: Signature does not match session in Command line code:7 … Stack trace: #0 {main} thrown in /var/www/index.php on line 7</p> <!

is-warning>PHP Fatal error: Uncaught Exception: Signature does not match session in Command line code:7 … Stack trace: #0 {main} thrown in /var/www/index.php on line 7</p> <!

Bug in Lab

error Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4

HTTP request

POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

interface catastrophically broken in recently updated Debian 7

BURP Version: 1.6.09 Debian version: 7.8 (Wheezy) JRE: both OpenJDK and Oracle JRE XOrg Server: both XVFB and QXL Invocation: java -jar ./burpsuite_pro_v1.6.09.jar Mode of failure: Burp Suite windows do not...

Lab: HTTP request smuggling, basic TE.CL vulnerability

Please see below: POST / HTTP/1.1 Host: <lab-ID>.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a4200c60375b196c058f06300d100b9.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a55001804a184ac82e056fd001300f2.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab Not Working Properly

HTTP/1.1 Host: ac821ff91fa6a6ac80911ed1005d00ec.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 1.1 Host: aca71f681fe0a61c80c01e0d01930066.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acaf1f911ef7cfe6801f0c0400ef00b5.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ace11f511e3acff980030cc4010500fe.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: ac7a1f911ef7995e80d3ec5300020083.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-acab1f4f1e8899f38092ec9101ef005c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to perform web cache poisoning - Not getting results.

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Lab: Arbitrary object injection in PHP

burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5

Missing parameter in HTTP Smuggling request lab

HTTP/1.1 Host: 0a3a008503e2d7a7c03e1b91006c0030.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab Not Responding

HTTP/1.1 Host: ac6d1fc91e74b3a4808926fc009c005a.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to capture other users' requests

the lab POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, obfuscating the TE header

response when i sent this request POST / HTTP/1.1 Host: my lab id Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Sort entries in the site map by domain components before hostname

com.host1.www com.host1.www1 com.net2.www even though the hostnames are actually displayed as expected

HTTP request smuggling, basic TE.CL vulnerability Lab Queries.

HTTP/1.1 Host: 0a7600cc04f7bab6802e1c2500f700ad.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36 Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Connection: keep-alive 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to capture other users' requests

acc91f4d1faf6485c0b70322000b009b.web-security-academy.net Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU Content-Type: application/x-www-form-urlencoded … Transfer-encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Length: 600 Content-Type: application/x-www-form-urlencoded

Different URLs in Target: Request, Raw and Site map URL

Here is what is shown in the Site map window right above (list of all URLs): https://www. … id=WEB87431-20150616190 HTTP/1.1 Same with: https://www._something_ com/ - GET - /bp_chart.php?

Burp Proxy Conection Issue with Black Berry 7 Devices

Hi; We are using burp Pro Version of 1.6.27. In the Security Assesment we are not able to connect with BB7 Device like the Burp Proxy is not connected the BB7 device and it not intercepting. We are using BB7-9320...

Unable to intercept SSL traffic for Android 7 & above

The version of android we are using are 7, 8, 9.

invisible proxy

Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux":https://www

LAB: Exploiting HTTP request smuggling to perform web cache poisoning

I'll past the request: POST / HTTP/1.1 Host: victimhost Content-Type: application/x-www-form-urlencoded … postId=1 HTTP/1.1 Host: exploitserver Content-Type: application/x-www-form-urlencoded Content-Length

Lab Issues: Exploiting HTTP request smuggling to deliver reflected XSS

Exploit: ``` POST / HTTP/1.1 Host: my-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … postId=5 HTTP/1.1 User-Agent: a"/><script>alert(1)</script> Content-Type: application/x-www-form-urlencoded

HTTP smuggling

vulnerabilities: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Academy Leaning Material minor mistake on "Finding HTTP request smuggling vulnerabilities" page.

reads as below: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Problem with "Lab: HTTP request smuggling, basic CL.TE vulnerability"

Target' details on the top right. 6.Right click on the request and select 'Smuggle attack (CL.TE)'. 7. … By changing the 'prefix' variable in step 7, you can solve all the labs and virtually every real-world … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 60 POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded … POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters) Content-Type: application/x-www-form-urlencoded

Content-length: 4 Transfer-Encoding: chunked 5f POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab - Modifying serialized objects login fuction not working properly?

PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1 And I am unable to log in, therefore no request … https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net/login Content-Type: application/x-www-form-urlencoded … is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php&apos;) in /var/www/index.php on line 1</p> </div> </section

use burp suite

https://www.?elp.com

Burp scanner ignores scan configuration exclusion lists

/my_profile;jsessionid=560423289919l0e2g6f88f71qjg4xp1z2uwc408389.5604232899 HTTP/1.1 Host: www..... … Connection: close Content-Length: 3002 X-Single-Page-Navigation: true Origin: https://www.....

An incorrect example in the "Exploiting HTTP request smuggling" section on the Web Security Academy.

Transfer-Encoding: chunked 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … supposed to be: 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Broken chunked-encoding

like Gecko) Chrome/88.0.4324.150 Safari/537.36 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded … keep-alive 96 GET /404 HTTP/1.1 X: x=1&q=smugging&x= Host: example.com Content-Type: application/x-www-form-urlencoded

Solution not functional: "Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses"

HTTP/1.1 Host: 0a4c00f10450f67f802cd1480095009f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic TE.CL vulnerability

document Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Content-Type: application/x-www-form-urlencoded … postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0 … postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

Intercept SSL traffic for Android Nougat 7 and above version.

file in application folder and recomiple every time while doing security testing in Android Nougat 7

Burp Suite v2023.9.1 + rooted android 7 and 8 certificate unknown

Testes as well with a Android 7 Hafury Mix with user certificate installed the old way.

Exploiting PHP deserialization with a pre-built gadget chain payload

is-warning>PHP Fatal error: Uncaught Exception: Signature does not match session in Command line code:7 … Stack trace: #0 {main} thrown in /var/www/index.php on line 7</p> <!

Lab: Exploiting HTTP request smuggling to capture other users' requests

HTTP/1.1 Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Content-Length: 251 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Incorrect Issue Type/Advisory Finding & Remediation

As such, it is recommended to set the header as X-XSS-Protection: 0" Reference https://owasp.org/www-project-secure-headers

Modifying serialized objects

this - Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4.

Proxy connection closed

7f2f9e055a74df967116223c431c9ffc=qub7j1cc8bi084gvtd3p2b1q84 Connection: close Content-Type: application/x-www-form-urlencoded

BCheck SQLi bypass autentication

: 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded

: 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded … : 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded

why there is an empty line after Content-Length header in http smuggle attacks?

for example : POST /search HTTP/1.1 Host: normal-website.com Content-Type: application/x-www-form-urlencoded

HTTP request Smuggling CL.TE LAB

HTTP/1.1 Host: 0a120052048d10f0c0b07c7700c300bb.web-security-academy.net Content-Type: application/x-www-form-urlencoded

solution : POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic CL.TE vulnerability

HTTP/1.1 Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net Content-Type: application/x-www-form-urlencoded

0a3500f90359495b811ec02e002700bc.web-security-academy.net\r\n Connection: keep-alive\r\n Content-Type: application/x-www-form-urlencoded

Advanced Target Scope - Load File

.*\.example\.com\/* test\.net\/path\/here\/* www\.test\.net\/* -----------

Burp Scaner with form credentials

The Content-Type is: application/x-www-form-urlencoded

Lab: CSRF where token is not tied to user session

https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded

how do we calculate value for tranfer encoding??

username=carlos HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Content-Length

username=carlos HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Content-Length

Upload File to Burp Collaborator

Hi, It looks like you are trying to achieve what is described in the articles below: - https://www

multiple request headers in burpsuite community edition v2023.7.2

Cookie: session=8aVCM2qExzt0Y2t1AJ4WhRIKozqAYedJ Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Username enumeration via response timing

0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded … 0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded

unable to intercept traffic on android 7+ if using browser or webview apps

configuring-burp-suite-with-android-nougat/ and now i'am able to intercept the request using burp on android 7+

Lab: HTTP request smuggling, basic CL.TE vulnerability

Connection: keep-alive Content-Length: 10 Transer-Encoding: chunked Content-Type: application/x-www-form-urlencoded

Lab: CL-TE request smuggling lab is not working with the official solution.

0ac000af04eed935c3233d650017001f.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Lab: CL-TE request smuggling lab is not working with the official solution

HTTP/2 Host: 0a6f004904bb0b7282f5067100c70057.web-security-academy.net Content-Type: application/x-www-form-urlencoded

DOM-based open redirection

burp-suite-explain-dom-based-open-redirection - https://portswigger.net/support/using-burp-to-test-for-open-redirections - https://owasp.org/www-pdf-archive

Remove Java JRE 1.9.0_4 on Burp Suite Enterprise Edition v2021.11

We re-installed Burp Suite enterprise version 2021-11 on RHEL 7.

Unable to solve: Lab: Exploiting HTTP request smuggling to perform web cache poisoning

/1.1 Host: abcdabcdabcdabcdabcdabcdabcdabcde.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 1.1 Host: exploit-exploitexploitexploitexploitexpl.exploit-server.net Content-Type: application/x-www-form-urlencoded

Scanner "X-Forwarded-For dependent response" check alters Content-Type?

Accept-Encoding: gzip, deflate X-CSRFToken: I7qjj8Iz3XwEEwu2gL4ZcePHMdNjOUD6 Content-Type: application/x-www-form-urlencoded … Connection: close X-Forwarded-For: 127.0.0.1 Notice the change to "Content-Type: application/x-www-form-urlencoded

HTTP1.1 replaced by HTTP/2 in response header?

Every time I send POST / HTTP/1.1 Host: ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded

"Lab: HTTP request smuggling, basic TE.CL vulnerability" need help in understanding

HTTP/1.1 Host: ac2f1f0e1ea3d02180733e8600de008b.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Server-side pause-based request smuggling ISSUE

web-security-academy.net Cookie: session=mAbLimPqmVB5vNGU7notqlDu7ZCsW8O4 Content-Type: application/x-www-form-urlencoded

0a9500d103b3bce3804ce9c5006a0004.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Impossible to use burp.

We've tested this using Windows 7 Ultimate and could not replicate your issue.

Logic error in lntruder module

KHTML, like Gecko) Version/4.0 Chrome/75.0.3770.143 Mobile Safari/537.36 Content-Type: application/x-www-form-urlencoded … KHTML, like Gecko) Version/4.0 Chrome/75.0.3770.143 Mobile Safari/537.36 Content-Type: application/x-www-form-urlencoded

Burp Pro Crashes Immediately Upon Start

Reloaded Win 7, still displays same behavior. … Burp will not load/run on Win 7 or Win 10 on this hardware using several versions of JRE (1.6 up to latest … Burp WILL run in a VM (Win 7 & 10) on this hardware. Any chance a dump file would be useful?

burp doesn't take history like this path #something.php?image=photo.jpg

Directory/path traversal vulnerabilities do not usually take this into account: - https://owasp.org/www-community

Create an SSL cert with Certbot for a private collaborator server

certbot certonly --webroot -w /var/www/bc.mydomain -d bc.mydomain I get: Invalid response from http

Need help with password cracking

br X-CSRFToken: up5GX5XUvL5cQnTrHa4Z5DrBnaHeJyWb X-Instagram-AJAX: 1 Content-Type: application/x-www-form-urlencoded … br X-CSRFToken: up5GX5XUvL5cQnTrHa4Z5DrBnaHeJyWb X-Instagram-AJAX: 1 Content-Type: application/x-www-form-urlencoded

Design new extension - Problem with buildRequest and URL Encode

script>alert(1)</script> Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded … http://127.0.0.1/a.php Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Lab : Modifying serialized data types. Bug Decoder?

of the video I get this error : PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 I understand that

can't solve lab 'Exploiting time-sensitive vulnerabilities' - invalid token

0af100d8041a969e80e33fd60088007d.web-security-academy.net Dnt: 1 Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded … 0af100d8041a969e80e33fd60088007d.web-security-academy.net Dnt: 1 Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to perform web cache deception NOT WORKING

HTTP/1.1 Host: ac921f9e1e43510980d00f8c0079000b.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Burpsuite 2.0.0.5 Beta - SocketException on crawls and audits

redirected to the secure version so that's not exactly helpful), and oftentimes, subdomains other than www

Extension load error code

os win 7 java 8 update 231 java se development 13 jython 2.7.1

Burp Does Not Redirect

<FORM NAME="AUTOSUBMIT" METHOD="POST" ENCTYPE="application/x-www-form-urlencoded" ACTION="https://...

TE.CL smuggling labs - official solutions do not work

Connection: keep-alive Transfer-Encoding: chunked 5b GLOOL / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

'Drop all out-of-scope requests' not behaving as expected

Add an entry, protocol 'Any', Host or IP range '^www\.google\.com$', leave the rest blank 3.

Missing PHP Code Injection Detection

module=login&method=loginForm Content-Type: application/x-www-form-urlencoded Content-Length: 63 Cookie

module=login&method=loginForm Content-Type: application/x-www-form-urlencoded Content-Length: 63 Cookie

project file stops populating proxy history

My environment: Windows 7 guest in VirtualBox, the host is a debian.

2FA bypass using a brute-force attack

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Send request in the same connection turbo intruder

req POST / HTTP/1.1 Host: example.com Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic CL.TE vulnerability (Help for a noob)

1.1 Host: yourclientid.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Burp does not set SNI on the outgoing connection to an SSL enabled web server

Tested Version: 1.7.23 Free Tested Platform: Windows 7 SP1 What is holding up this fix??? … While it is true that Java 7+ will automatically add SNI hostnames to the handshake, there are situations … that the browser can correctly access a SNI-enabled site through the LittleProxy upstream proxy. 7.

Bug in Site map tab while showing only items in scope.

browse to the URL www.sapo.pt In the scope I have reg exp with: Protocol: HTTP Host or IP: ^www

Disable content type changes

further investigation it appears to be a result of Burp rewriting the content type from 'application/x-www-form-urlencoded

lab question

<form id="my_form" action="/post/comment" method="POST" enctype="application/x-www-form-urlencoded">

HTTPRQ Lab - Exploiting HTTP request smuggling to deliver reflected XSS

HTTP/1.1 Host: ac231f491feb99a4807c00a50038000f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: ac231f491feb99a4807c00a50038000f.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Burpsuite error or using incorrectily

0 Upgrade-Insecure-Requests: 1 Origin: https://www.kkkkkkkk.com Content-Type: application/x-www-form-urlencoded

Username enumeration via response timing problems with X-Forwarded-For header

Upgrade-Insecure-Requests: 1 Origin: https://asdsdasdasd.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Excel Macro & Burp

compatible; MSIE 6.0; Windows NT 5.0)" objHTTP.setRequestHeader "Content-type", "application/x-www-form-urlencoded

websockets 'Send to' repeater & intruder

Yikes, 7 years and this feature is still not possible to send WS messages to intruder :(

Cert expiration time

This happens on apps using Chrome as a web-frame on Android 7.

Valid XSS not reporting in issues ? Is it me?

max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://testphp.vulnweb.com Content-Type: application/x-www-form-urlencoded

SSL SNI not used with upstream proxy

Tested Version: 1.7.23 Free Tested Platform: Windows 7 SP1 The issue of Burp not sending SNI in SSL … While it is true that Java 7+ will automatically add SNI hostnames to the handshake, there are situations … that the browser can correctly access a SNI-enabled site through the LittleProxy upstream proxy. 7.

Lab: Exploiting HTTP request smuggling to perform web cache deception (Solution incorrect)

POST / HTTP/1.1 Host: xxx-your-lab-id-xxx.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Dragger not showing after 200 requests

Just wanted to report also having this issue on the Numbus look/feel with the Windows 7 system, changing

Temporary file disk usage and dedicated temp file drives

Thank you very much for responding about this. 1) 32-bit Windows 7, Java 1.6, Burp Suite Free Edition

Genymotion android emulator TLS error

Hi, What version of Android are you running and, if the version is 7 or above, have you installed the

Allowing the symbol "&" to be part of a string, instead of being something else

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Content-Type: application/x-www-form-urlencoded

SSO with microsoftonline.com

sXXX0T-HXXXxb-FXXXH_cfXXX6-KHXXXX81&cbcxt=&username=USER%40ENTERPRISE_OFFICE_DOMAIN.com&mkt=&lc= with a www-form-urlencoded … ENTERPRISE_OFFICE_DOMAIN.com mkt lc This is followed by a POST to ttps://login.microsoftonline.com/login.srf with www-form-urlencoded

HTTP Request Smuggling POST Request with Body

a GET request: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

XSS False positive

fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded

Unable to build http request with header

103.0.5060.134 Safari/537.36, Connection: close, Cache-Control: max-age=0, Content-Type: application/x-www-form-urlencoded

No Host header in https://portswigger.net/web-security/host-header/exploiting/lab-host-header-authentication-bypass

u=1 te: trailers content-type: application/x-www-form-urlencoded

Missed SQL Injection

=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

trouble installing

Linux kali 4.19.118-Re4son-v81+ #1 SMP PREEMPT Thu May 7 02:54:03 UT 2020 aarch64 GNU/Linux The jar

Lab: 2FA bypass using a brute-force attack doesn't get me a 302

Accept-Language: de,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded … Accept-Language: de,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Adding X-Forwarded-For to bypass IP based brute force protection

https://acaf1f021f283a268092b4c2004c008d.web-security-academy.net/login Content-Type: application/x-www-form-urlencoded

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Hey, I'm having an error when launching payload

id=wiener Content-Type: application/x-www-form-urlencoded Content-Length: 117 Connection: close Cookie

can load HTTPS. but not intercept ?

With Java 8 and Java 7 it doesn't work, With java 6 works. How can it work with java 8?

Authentication Multi factor lab - 2FA Broken Login

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Burp Extension CSRF Token

cookie values are set here Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Audit Item Status shows " Error Request time out and Unknown Errors "

like Gecko) Chrome/84.0.4147.125 Safari/537.36 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded

BurpSuite Proxy Listener, Mac OS and Chrome not playing nice together

BurpSuite by attacking a local instance of WebGoat (intentionally-vulnerable web app at https://owasp.org/www-project-webgoat

Same site, two different authentication methods (Basic first, then NTLM)

connect to the site, you're redirected to the BIG-IP's proxied.site.com/my.policy page, which wants Basic WWW

Copy/Paste/Cut shortcuts (CTRL+C/V/X) are not working on Windows 10

We upgraded a base Windows 7 install to Windows 10, and then installed the latest Oracle JRE 8, and Burp

Username enumeration via response timing: not getting response using repeater with X-Forwarded-For

Origin: https://ace11f691fef2ad580c703dd004a00c5.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Disable autocomplete inside Burp

I'm using the latest pro version and I see it across systems including Windows 7/10, Ubuntu 16.04, and

Crawl & audit very slow, never finishes (Burp pro 2020.9)

We are running into very similar issue in some of our environments (Windows 7 and Windows 10) where Burp

Intruder only works after repeater...sort of

Upgrade-Insecure-Requests: 1 Origin: https://um-auth-qa.auth.eu-west-1.amazoncognito.com Content-Type: application/x-www-form-urlencoded

burp is running with a black display

Hi Liam, I'm using Windows 7. BURP is working fine. … may find it useful to know the following commands to bring the UI back to the main monitor in Windows 7:

Bundled JRE can generate DH pairs larger than 2048 bits

I am using the platform installer on Windows 7. Now at version 2.0.12.

Handling multipart requests with Montoya API

request that looks like this: POST /something HTTP/1.1 Host: whatever Content-type: application/x-www-form-urlencoded

Password Reset Poisoning via Dangling Markeup

Origin: https://0a3100a703b733a780cdd52400fa00cc.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Mystery lab challenges that require to submit solution seem to be broken

HTTP/1.1 Host: {BURP_LAB}.web-security-academy.net Content-Length: 39 Content-Type: application/x-www-form-urlencoded

Different results Automated Scan vs Manual Active Scan

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Combine Web Cache Poisoning Vulnerabilities Lab Issue

I've followed the steps but at the 7:54 minute mark, I went to try to check if the response site would