Search Forum – PortSwigger

Lab : Modifying serialized data types. Bug Decoder?

of the video I get this error : PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 I understand that … encoded url = %65%33%4d%36%4f%44%6f%69%64%58%4e%6c%63%6d%35%68%62%57%55%69%4f%33%4d%36%4d%54%4d%36%49%6d%46% … 6b%62%57%6c%75%61%58%4e%30%63%6d%46%30%62%33%49%69%4f%33%4d%36%4d%54%49%36%49%6d%46%6a%59%32%56%7a%63%

No Host header in https://portswigger.net/web-security/host-header/exploiting/lab-host-header-authentication-bypass

cookie: session=uh7z8Bd1CaBOY98M1UQs5vtO2syzKWRL cookie: _lab=46% … u=1 te: trailers content-type: application/x-www-form-urlencoded

Missed SQL Injection

identify it with as the following: sqlmap identified the following injection point(s) with a total of 46 … =0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Exploiting PHP deserialization with a pre-built gadget chain - getting error

Symfony Version: 4.3.6 PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Thanks

HTTP Request Smuggling

responses" is given as "POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … server was given as "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … should be like this: "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Content-Length: 146 x=POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Lab Login Not Working

HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, obfuscating the TE header

POST / HTTP/1.1 Host: my host.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, basic TE.CL vulnerability

i sent: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Modifying serialized data types - Debug dumps tokens

p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 71 POST /admin HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded

Not possible to disable "Update Content-Length"

HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP Request Smuggling

portwigger: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Issues with Burp Suite Enterprise Edition deployed on GKE

Installation: /usr/local/burpsuite_enterprise Logs: /home/burpsuite/logs Log disk space: 46

C) Since log disk space has been 46 GB I need to delete that. How I can do that ?

PHP deserialization: Signature does not match

receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2

ca certificate

The URL is http://burp/ - there's no www.

LAB: Exploiting HTTP request smuggling to reveal front-end request rewriting

HTTP/1.1 Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net Content-Type: application/x-www-form-urlencoded … username=carlos HTTP/1.1 X-ayZFvQ-Ip: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length

vulnerable yes or no

POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1 Host: www.---------.com Origin: http://example.com … : */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded … Content-Length: 1410 Origin: https://www.--------.com Connection: close Referer: https://www.realself.com

Lab 1 Directory traversal(File path traversal, simple case)

3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www … /image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal

Lab: Modifying serialized data types

Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

74%39 Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 ??

this error: Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 Then, what I did is:

Modifying serialized objects" PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 echo "O:4:"User":2

Lab: HTTP request smuggling, basic TE.CL vulnerability

provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

0, which is the size of the next chunk in bytes): 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Bug in Lab

error Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4

HTTP request

POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic TE.CL vulnerability

Please see below: POST / HTTP/1.1 Host: <lab-ID>.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a4200c60375b196c058f06300d100b9.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a55001804a184ac82e056fd001300f2.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab Not Working Properly

HTTP/1.1 Host: ac821ff91fa6a6ac80911ed1005d00ec.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 1.1 Host: aca71f681fe0a61c80c01e0d01930066.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acaf1f911ef7cfe6801f0c0400ef00b5.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ace11f511e3acff980030cc4010500fe.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: ac7a1f911ef7995e80d3ec5300020083.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-acab1f4f1e8899f38092ec9101ef005c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to perform web cache poisoning - Not getting results.

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Lab: Arbitrary object injection in PHP

burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5

Missing parameter in HTTP Smuggling request lab

HTTP/1.1 Host: 0a3a008503e2d7a7c03e1b91006c0030.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab Not Responding

HTTP/1.1 Host: ac6d1fc91e74b3a4808926fc009c005a.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to capture other users' requests

the lab POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to capture other users' requests-- not solving

HTTP/1.1 Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 277 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, obfuscating the TE header

response when i sent this request POST / HTTP/1.1 Host: my lab id Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Sort entries in the site map by domain components before hostname

com.host1.www com.host1.www1 com.net2.www even though the hostnames are actually displayed as expected

HTTP request smuggling, basic TE.CL vulnerability Lab Queries.

HTTP/1.1 Host: 0a7600cc04f7bab6802e1c2500f700ad.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36 Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Connection: keep-alive 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to capture other users' requests

acc91f4d1faf6485c0b70322000b009b.web-security-academy.net Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU Content-Type: application/x-www-form-urlencoded … Transfer-encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Length: 600 Content-Type: application/x-www-form-urlencoded

Different URLs in Target: Request, Raw and Site map URL

Here is what is shown in the Site map window right above (list of all URLs): https://www. … id=WEB87431-20150616190 HTTP/1.1 Same with: https://www._something_ com/ - GET - /bp_chart.php?

invisible proxy

Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux":https://www

LAB: Exploiting HTTP request smuggling to perform web cache poisoning

I'll past the request: POST / HTTP/1.1 Host: victimhost Content-Type: application/x-www-form-urlencoded … postId=1 HTTP/1.1 Host: exploitserver Content-Type: application/x-www-form-urlencoded Content-Length

Lab Issues: Exploiting HTTP request smuggling to deliver reflected XSS

Exploit: ``` POST / HTTP/1.1 Host: my-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … postId=5 HTTP/1.1 User-Agent: a"/><script>alert(1)</script> Content-Type: application/x-www-form-urlencoded

HTTP smuggling

vulnerabilities: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Request Smuggling - Lab does not work

0a5900b7040dfb4fc1db8f1c005d0093.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded … HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Academy Leaning Material minor mistake on "Finding HTTP request smuggling vulnerabilities" page.

reads as below: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 60 POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded … POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters) Content-Type: application/x-www-form-urlencoded

Content-length: 4 Transfer-Encoding: chunked 5f POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab - Modifying serialized objects login fuction not working properly?

PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1 And I am unable to log in, therefore no request … https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net/login Content-Type: application/x-www-form-urlencoded … is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1</p> </div> </section

use burp suite

https://www.?elp.com

Burp scanner ignores scan configuration exclusion lists

/my_profile;jsessionid=560423289919l0e2g6f88f71qjg4xp1z2uwc408389.5604232899 HTTP/1.1 Host: www..... … Connection: close Content-Length: 3002 X-Single-Page-Navigation: true Origin: https://www.....

An incorrect example in the "Exploiting HTTP request smuggling" section on the Web Security Academy.

Transfer-Encoding: chunked 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … supposed to be: 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Broken chunked-encoding

like Gecko) Chrome/88.0.4324.150 Safari/537.36 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded … keep-alive 96 GET /404 HTTP/1.1 X: x=1&q=smugging&x= Host: example.com Content-Type: application/x-www-form-urlencoded

Solution not functional: "Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses"

HTTP/1.1 Host: 0a4c00f10450f67f802cd1480095009f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic TE.CL vulnerability

document Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Content-Type: application/x-www-form-urlencoded … postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0 … postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

Lab: Exploiting HTTP request smuggling to capture other users' requests

HTTP/1.1 Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Content-Length: 251 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Incorrect Issue Type/Advisory Finding & Remediation

As such, it is recommended to set the header as X-XSS-Protection: 0" Reference https://owasp.org/www-project-secure-headers

Modifying serialized objects

this - Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4.

Proxy connection closed

7f2f9e055a74df967116223c431c9ffc=qub7j1cc8bi084gvtd3p2b1q84 Connection: close Content-Type: application/x-www-form-urlencoded

BCheck SQLi bypass autentication

: 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded

: 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded … : 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded

why there is an empty line after Content-Length header in http smuggle attacks?

for example : POST /search HTTP/1.1 Host: normal-website.com Content-Type: application/x-www-form-urlencoded

HTTP request Smuggling CL.TE LAB

HTTP/1.1 Host: 0a120052048d10f0c0b07c7700c300bb.web-security-academy.net Content-Type: application/x-www-form-urlencoded

solution : POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded

project file not saved

The timestamp on the main project file is 11:34 The timestamp of the most recent *backup* is 11:46 … There are only four backup files 09:36 10:07 10:46 11:46 I'm running Burp on a Windows 10 VM

Lab: HTTP request smuggling, basic CL.TE vulnerability

HTTP/1.1 Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net Content-Type: application/x-www-form-urlencoded

0a3500f90359495b811ec02e002700bc.web-security-academy.net\r\n Connection: keep-alive\r\n Content-Type: application/x-www-form-urlencoded

Advanced Target Scope - Load File

.*\.example\.com\/* test\.net\/path\/here\/* www\.test\.net\/* -----------

Burp Scaner with form credentials

The Content-Type is: application/x-www-form-urlencoded

Lab: CSRF where token is not tied to user session

https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded

how do we calculate value for tranfer encoding??

username=carlos HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Content-Length

Upload File to Burp Collaborator

Hi, It looks like you are trying to achieve what is described in the articles below: - https://www

multiple request headers in burpsuite community edition v2023.7.2

Cookie: session=8aVCM2qExzt0Y2t1AJ4WhRIKozqAYedJ Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Username enumeration via response timing

0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded … 0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded

No interaction from victim in Access Logs after sending request to /deliver-to-victim

my own interactions with the exploit server in the access log: ``` 192.184.176.136 2024-08-13 23:46 … AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36" 192.184.176.136 2024-08-13 23:46 … AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36" 192.184.176.136 2024-08-13 23:46 … AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36" 192.184.176.136 2024-08-13 23:46 … AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36" 192.184.176.136 2024-08-13 23:46

Lab: HTTP request smuggling, basic CL.TE vulnerability

Connection: keep-alive Content-Length: 10 Transer-Encoding: chunked Content-Type: application/x-www-form-urlencoded

Lab: CL-TE request smuggling lab is not working with the official solution.

0ac000af04eed935c3233d650017001f.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Lab: CL-TE request smuggling lab is not working with the official solution

HTTP/2 Host: 0a6f004904bb0b7282f5067100c70057.web-security-academy.net Content-Type: application/x-www-form-urlencoded

DOM-based open redirection

burp-suite-explain-dom-based-open-redirection - https://portswigger.net/support/using-burp-to-test-for-open-redirections - https://owasp.org/www-pdf-archive

Unable to solve: Lab: Exploiting HTTP request smuggling to perform web cache poisoning

/1.1 Host: abcdabcdabcdabcdabcdabcdabcdabcde.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 1.1 Host: exploit-exploitexploitexploitexploitexpl.exploit-server.net Content-Type: application/x-www-form-urlencoded

Scanner "X-Forwarded-For dependent response" check alters Content-Type?

Accept-Encoding: gzip, deflate X-CSRFToken: I7qjj8Iz3XwEEwu2gL4ZcePHMdNjOUD6 Content-Type: application/x-www-form-urlencoded … Connection: close X-Forwarded-For: 127.0.0.1 Notice the change to "Content-Type: application/x-www-form-urlencoded

HTTP1.1 replaced by HTTP/2 in response header?

Every time I send POST / HTTP/1.1 Host: ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded

"Lab: HTTP request smuggling, basic TE.CL vulnerability" need help in understanding

HTTP/1.1 Host: ac2f1f0e1ea3d02180733e8600de008b.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Server-side pause-based request smuggling ISSUE

web-security-academy.net Cookie: session=mAbLimPqmVB5vNGU7notqlDu7ZCsW8O4 Content-Type: application/x-www-form-urlencoded

0a9500d103b3bce3804ce9c5006a0004.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Logic error in lntruder module

KHTML, like Gecko) Version/4.0 Chrome/75.0.3770.143 Mobile Safari/537.36 Content-Type: application/x-www-form-urlencoded … KHTML, like Gecko) Version/4.0 Chrome/75.0.3770.143 Mobile Safari/537.36 Content-Type: application/x-www-form-urlencoded

burp doesn't take history like this path #something.php?image=photo.jpg

Directory/path traversal vulnerabilities do not usually take this into account: - https://owasp.org/www-community

Create an SSL cert with Certbot for a private collaborator server

certbot certonly --webroot -w /var/www/bc.mydomain -d bc.mydomain I get: Invalid response from http

Need help with password cracking

br X-CSRFToken: up5GX5XUvL5cQnTrHa4Z5DrBnaHeJyWb X-Instagram-AJAX: 1 Content-Type: application/x-www-form-urlencoded … br X-CSRFToken: up5GX5XUvL5cQnTrHa4Z5DrBnaHeJyWb X-Instagram-AJAX: 1 Content-Type: application/x-www-form-urlencoded

Design new extension - Problem with buildRequest and URL Encode

script>alert(1)</script> Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded … http://127.0.0.1/a.php Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

can't solve lab 'Exploiting time-sensitive vulnerabilities' - invalid token

0af100d8041a969e80e33fd60088007d.web-security-academy.net Dnt: 1 Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded … 0af100d8041a969e80e33fd60088007d.web-security-academy.net Dnt: 1 Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to perform web cache deception NOT WORKING

HTTP/1.1 Host: ac921f9e1e43510980d00f8c0079000b.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Burpsuite 2.0.0.5 Beta - SocketException on crawls and audits

redirected to the secure version so that's not exactly helpful), and oftentimes, subdomains other than www

Burp Does Not Redirect

<FORM NAME="AUTOSUBMIT" METHOD="POST" ENCTYPE="application/x-www-form-urlencoded" ACTION="https://...

TE.CL smuggling labs - official solutions do not work

Connection: keep-alive Transfer-Encoding: chunked 5b GLOOL / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

'Drop all out-of-scope requests' not behaving as expected

Add an entry, protocol 'Any', Host or IP range '^www\.google\.com$', leave the rest blank 3.

Missing PHP Code Injection Detection

module=login&method=loginForm Content-Type: application/x-www-form-urlencoded Content-Length: 63 Cookie

Lab: CSRF where token is tied to non-session cookie

Cookie: session=**************; csrfKey=************************* Content-Type: application/x-www-form-urlencoded … session=*******************; csrfKey=<<"obtained CSRF cookie HERE">> Content-Type: application/x-www-form-urlencoded

Burp's CA certificate is expired

PortSwigger, OU=PortSwigger CA, CN=PortSwigger CA Validity Not Before: Feb 25 10:46 … :51 2014 GMT Not After : May 5 09:46:51 2022 GMT Subject: C=PortSwigger, ST=PortSwigger

2FA bypass using a brute-force attack

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Send request in the same connection turbo intruder

req POST / HTTP/1.1 Host: example.com Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic CL.TE vulnerability (Help for a noob)

1.1 Host: yourclientid.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Bug in Site map tab while showing only items in scope.

browse to the URL www.sapo.pt In the scope I have reg exp with: Protocol: HTTP Host or IP: ^www

Disable content type changes

further investigation it appears to be a result of Burp rewriting the content type from 'application/x-www-form-urlencoded

lab question

HTTPRQ Lab - Exploiting HTTP request smuggling to deliver reflected XSS

HTTP/1.1 Host: ac231f491feb99a4807c00a50038000f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: ac231f491feb99a4807c00a50038000f.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Burpsuite error or using incorrectily

0 Upgrade-Insecure-Requests: 1 Origin: https://www.kkkkkkkk.com Content-Type: application/x-www-form-urlencoded

Username enumeration via response timing problems with X-Forwarded-For header

Upgrade-Insecure-Requests: 1 Origin: https://asdsdasdasd.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Excel Macro & Burp

compatible; MSIE 6.0; Windows NT 5.0)" objHTTP.setRequestHeader "Content-type", "application/x-www-form-urlencoded

Valid XSS not reporting in issues ? Is it me?

max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://testphp.vulnweb.com Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to perform web cache deception (Solution incorrect)

POST / HTTP/1.1 Host: xxx-your-lab-id-xxx.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Allowing the symbol "&" to be part of a string, instead of being something else

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Content-Type: application/x-www-form-urlencoded

SSO with microsoftonline.com

sXXX0T-HXXXxb-FXXXH_cfXXX6-KHXXXX81&cbcxt=&username=USER%40ENTERPRISE_OFFICE_DOMAIN.com&mkt=&lc= with a www-form-urlencoded … ENTERPRISE_OFFICE_DOMAIN.com mkt lc This is followed by a POST to ttps://login.microsoftonline.com/login.srf with www-form-urlencoded

HTTP Request Smuggling POST Request with Body

a GET request: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Password reset poisoning Lab issue

User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0" 2021-01-18 07:55:46 … User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0" 2021-01-18 07:55:46

usuario: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0 " 2021-01-18 07:55:46

XSS False positive

fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded

Unable to build http request with header

103.0.5060.134 Safari/537.36, Connection: close, Cache-Control: max-age=0, Content-Type: application/x-www-form-urlencoded

Getting error in DotNet GraphQL application trying to use Create Schedule Item

The input should look something like your first example: {site_id: "46", schedule: {rrule: "", initial_run_time

Incorrect path reported in target sitemap

are probably problematic too), for example '<link rel="stylesheet" href="あ/style.css" />': # mkdir www … meta charset="utf-8"><link rel="stylesheet" href="あ/style.css" /></head><body>test</body></html>' > www … /www:/usr/share/nginx/html:ro -p 5000:80 -d nginx 2) browse through Burp to the created webpage (http

Exploit Server

my-account/change-email" method="POST"> <input type="hidden" name="email" value="testing@gmail&#46

Lab: 2FA bypass using a brute-force attack doesn't get me a 302

Accept-Language: de,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded … Accept-Language: de,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Adding X-Forwarded-For to bypass IP based brute force protection

https://acaf1f021f283a268092b4c2004c008d.web-security-academy.net/login Content-Type: application/x-www-form-urlencoded

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Hey, I'm having an error when launching payload

id=wiener Content-Type: application/x-www-form-urlencoded Content-Length: 117 Connection: close Cookie

i solve the lab CSRF where token validation depends on token being present but i site dont show lab solved

my-account/change-email" method="POST"> <input type="hidden" name="email" value="etroon@gmail&#46

Private collaborator server not starting with valid certificates

to deploy a private burp collaborator instance and hitting the following error message: May 23 20:46 … :28 collab java[16727]: 2022-05-23 20:46:28.898 : Using configuration file /etc/collaborator.config … May 23 20:46:29 collab java[16727]: 2022-05-23 20:46:29.077 : No certificate options specified, and we … failed to retrieve the name of the local host to create a self signed certific May 23 20:46:29 collab … at burp.dp.a(Unknown Source) May 23 20:46:29 collab java[16727]: at burp.y6.

Unable to write in all kind of inputs after a while

That is currently OpenJDK 14.0.2+12-46. Does your issue persist with this Java version?

Authentication Multi factor lab - 2FA Broken Login

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

the lab dont solve when i click on deliver exploit to victem but its all good dont know the problem

hidden" name="_method" value="POST"> <input type="hidden" name="email" value="Crack@gmail&#46

Lab: Reflected XSS protected by very strict CSP, with dangling markup attack

s=46 We will update the official written solution in due course.

Burp Extension CSRF Token

cookie values are set here Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Audit Item Status shows " Error Request time out and Unknown Errors "

like Gecko) Chrome/84.0.4147.125 Safari/537.36 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded

BurpSuite Proxy Listener, Mac OS and Chrome not playing nice together

BurpSuite by attacking a local instance of WebGoat (intentionally-vulnerable web app at https://owasp.org/www-project-webgoat

Same site, two different authentication methods (Basic first, then NTLM)

connect to the site, you're redirected to the BIG-IP's proxied.site.com/my.policy page, which wants Basic WWW

Issue with "Reflected XSS protected by very strict CSP, with dangling markup attack" lab

s=46 We will update the official solution in due course.

JRE Warning

The current JRE that is packaged with the platform/installer version of Burp is OpenJDK 14.0.2+12-46

Username enumeration via response timing: not getting response using repeater with X-Forwarded-For

Origin: https://ace11f691fef2ad580c703dd004a00c5.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Intruder only works after repeater...sort of

Upgrade-Insecure-Requests: 1 Origin: https://um-auth-qa.auth.eu-west-1.amazoncognito.com Content-Type: application/x-www-form-urlencoded

solved lab show not solved

my-account/change-email" method="POST"> <input type="hidden" name="email" value="test3@hotmail&#46

web-security-academy.net/my-account/change-email"> <input type="hidden" name="email" value="testt@gmail&#46

Handling multipart requests with Montoya API

request that looks like this: POST /something HTTP/1.1 Host: whatever Content-type: application/x-www-form-urlencoded

Password Reset Poisoning via Dangling Markeup

Origin: https://0a3100a703b733a780cdd52400fa00cc.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Lab: CSRF vulnerability with no defenses

web-security-academy.net/email/change-email"> <input type="hidden" name="email" value="test@test&#46

Bug in the lab: CSRF where token is duplicated in cookie

my-account/change-email" method="POST"> <input type="hidden" name="email" value="ham@di&#46 … my-account/change-email" method="POST"> <input type="hidden" name="email" value="ham@di&#46

Mystery lab challenges that require to submit solution seem to be broken

HTTP/1.1 Host: {BURP_LAB}.web-security-academy.net Content-Length: 39 Content-Type: application/x-www-form-urlencoded

Different results Automated Scan vs Manual Active Scan

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Cannot solve lab "CSRF where token is duplicated in cookie"

change-email" method="POST"> <input type="hidden" name="email" value="wiener@normal-user&#46

solved the lab and not appearing as solved

0a36000604cbe09885b0273600be00ce.web-security-academy.net/my-account/change-email"> <input type="hidden" name="email" value="test7@hotmail&#46

Problem with "Lab: HTTP request smuggling, basic CL.TE vulnerability"

oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded

Auditing not calling doActiveScan(...) method via Extensibility API

q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:8000/ Content-Type: application/x-www-form-urlencoded

Add a processing rule

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Content-Type: application/x-www-form-urlencoded

Error In php Code

Signature does not match session in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Lab #5: CSRF where token is tied to non-session cookie & Lab #6: CSRF where token is duplicated in cookie issues

For example, for your email value, use something like "asdf@asdf.asdf".

/change-email" method="POST"> <input type="hidden" name="email" value="exploit2@exploit&#46

my-account/change-email" method="POST"> <input type="hidden" name="email" value="testemail@email&#46

In laboratory work, a request for a collaborator is not sent

s=46 We will update the official solution in due course.

Locked due to many failed login attempts as soon as i scan my application

=0 Origin: https://test2.tstraining.com Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Browser receives "HTTP/1.0 200 Connection established" from BURP which received "HTTP/1.1 404 Not Found"

Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded … Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Burp Scanner does not recognize Open Redirect

DEADBEEF6B690E7B865A46CDDEADBEEF.aa_bbb_1_cc_0 Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Decoding Gzip/Deflate issues

packet: OST /tracker-api/tracker/trackerLog HTTP/1.1 Connection: close Content-Type: application/x-www-form-urlencoded

Academy : Is there a Newbie "Academy 101" How to document / URL

Create a VM, Install ABC on it, point off to www.

302 Redirect Not Picking Up Cookies

server response where i am not getting "Follow Redirection" 48 54 54 50 2f 31 2e 31 20 33 30 32 20 46 … of server response where i am getting "Follow Redirection" 48 54 54 50 2f 31 2e 31 20 33 30 32 20 46

how to add X-Forwarded-For and what is columns in Lab Username enumeration via response timing

X-Forwarded-For: 203.0.113.8 <---- INSERT HERE AND REMOVE THIS COMMENT Content-Type: application/x-www-form-urlencoded

Is it possible to send request from a password reset post to forward to a different email

Sec-Ch-Ua-Platform: "Linux" Upgrade-Insecure-Requests: 1 Origin: https://example.com Content-Type: application/x-www-form-urlencoded

Lab: SameSite Lax bypass via cookie refresh

change-email" method="POST"> <input type="hidden" name="email" value="wiener1@normal-user&#46

Paused-Based Desync Detection reporting HTTP/2 requests

Accept-Encoding: gzip, deflate, br Connection: keep-alive Content-Length: 332 Content-Type: application/x-www-form-urlencoded

Lab: CSRF where token validation depends on request method

web-security-academy.net/my-account/change-email"> <input type="hidden" name="email" value="hacka@a&#46

Can't pass the "CSRF with broken Referer validation" lab even if my solution works

my-account/change-email" method="POST"> <input type="hidden" name="email" value="attacker10@test&#46

change-email" method="POST"> <input type="hidden" name="email" value="test2@exploit&#46

i have a problem with Lab: CSRF where token is tied to non-session cookie

my-account/change-email" method="POST"> <input type="hidden" name="email" value="crack2@gmail&#46

Burpsuite Pro 8.4 (64-bit linux) doesn't start up properly

Distributor ID: Ubuntu Description: Ubuntu 20.04.5 LTS Release: 20.04 Codename: focal Linux 5.15.0-46

make my private collaborator server works well

Received DNS query from [123.456.789.012] for [polling.my.collab.com] containing no interaction Mar 23 13:46 … :27 host.localdomain startcollab.sh[8806]: 2020-03-23 13:46:27.808 : Received DNS query from [123.456.789.012

Lab: CSRF where token is not tied to user session

my-account/change-email" method="POST"> <input type="hidden" name="email" value="blah78@blah&#46

Lab: Exploiting XXE using external entities to retrieve files

13 Cookie: session=aDJvRrAxYrf804mh6rJzMmjl2195R7IN Connection: close Content-Type: application/x-www-form-urlencoded

CSRF Labs are buggy not working

my-account/change-email" method="POST"> <input type="hidden" name="email" value="test3@hotmail&#46

SameSite Lax bypass via cookie refresh problem the thing is that my exploit its ok when i check the view exploit but when i deliver it wont work

my-account/change-email" method="POST"> <input type="hidden" name="email" value="red@gmail&#46

Lab: 2FA bypass using a brute-force attack

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

+ '/login' urlForTokenPage = url + '/login2' headerObj = { "Content-Type": "application/x-www-form-urlencoded

Lab is showing as unsolved even after solving it properly.

change-email" method="POST"> <input type="hidden" name="email" value="attacker005@gmail&#46

Web Security Academy Issue

For instance "http:/mdsec.net.auth/16/" or "http:/mdsec.net.auth/46/" and all the other links with different

Lab: CSRF vulnerability with no defenses

web-security-academy.net/email/change-email"> <input type="hidden" name="email" value="test@test&#46

/change-email" method="POST"> <input type="hidden" name="email" value="wiener@exploited&#46

Apple silicon (M3) and Burp Suite Pro crash at launch

14.1.1 and as you can see from the logs, there is some kind of warning, namely: 2023-11-19 09:46

problem

change-email" method="POST"> <input type="hidden" name="email" value="attacker4444@gmail&#46

Exploiting HTTP request smuggling to perform web cache poisoning - Failing to go to "Solved" status

HTTP/1.1 Host: 0a16007d0305e2b380340869000b001a.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 1.1 Host: exploit-0a190088031de26f8094071201cb00b9.exploit-server.net Content-Type: application/x-www-form-urlencoded

Issue with "Reflected XSS protected by very strict CSP, with dangling markup attack" Lab

Origin: https://0a49005803315b4185f35e92000600e2.web-security-academy.net Content-Type: application/x-www-form-urlencoded

CSRF where token validation depends on request method

my-account/change-email" method="POST"> <input type="hidden" name="email" value="wiener4@user&#46

Lab: SameSite Lax bypass via method override

hidden" name="_method" value="POST"> <input type="hidden" name="email" value="test20@test&#46

How can I send request from a password reset post to forward to a different email

Sec-Ch-Ua-Platform: "Linux" Upgrade-Insecure-Requests: 1 Origin: https://example.com Content-Type: application/x-www-form-urlencoded

CA certificate not working

SHA signature - B4:9C:60:45:4E:27:52:95:11:D1:F4:71:EF:46:3C:6C:EB:A9:86:CB:3B:48:AA:28:77:A5:45:86:8B

Exploiting Ruby deserialization using a documented gadget chain

51%48%4e%77%5a%57%4e%76%4f%68%74%48%5a%57%30%36%4f%6c%4e%30%64%57%4a%54%63%47%56%6a%61%57%5a%70%59%32%46% … 30%61%57%39%75%42%6a%6f%52%51%47%78%76%59%57%52%6c%5a%46%39%6d%63%6d%39%74%53%53%49%67%66%48%4a%74%49% … 63%6d%78%76%63%79%39%74%62%33%4a%68%62%47%55%75%64%48%68%30%42%6a%6f%47%52%56%52%76%4f%77%67%41%4f%68%46%

macOSX V11.2 Big Sur, OWASP BWA and Virtual box--Home Hacking CyberSec Lab

r140961 (Qt5.6.3) OWASP BWA = Latest available from Sourceforge, links are in the book and a quick WWW

Unable to filter X-Forwarded-Host with Param Miner Burpsuite Professional v2024.5.5, Lab: Password reset poisoning via middleware

Origin: https://0a39009804c89ab28091da0d004800b9.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Problem about CSRF lab: SameSite Lax bypass via method override

my-account/change-email" method="POST"> <input type="hidden" name="email" value="hello@gmail&#46

HTTP Request Smuggler doesn't work

request with key https0a59006803c8cfd8815d6b8d007700a0.web-security-academy.netGET200HTML: 1 of 1 in 46

[Burp Enterprise] UI is unusable when a big-ish amount of sites are configured

burpsuite_enterprise/enterpriseServer/2022.1-8887 Logs: /var/log/BurpSuiteEnterpriseEdition Log disk space: 46

Lab: Host header authentication bypass seems broken

send the request from repeater, like this one: GET /admin HTTP/1.1 Host: 192.168.0.1 Cookie: _lab=46%

Host header not present - Password reset poisoning via middleware

Origin: https://aca81fc11fb90044c029b70c00d3002f.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Burp 2.0.14 install4j error.log

<init>(ScreenEnvelope.java:46) at com.install4j.runtime.installer.frontend.WizardScreenExecutor$3.run

Turbo Intruder error

Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

CSRF labs exploit server delivery doesn't work

my-account/change-email" method="POST"> <input type="hidden" name="email" value="exploit@carlos&#46

Lab Not Responding

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" 172.31.31.23 2020-07-08 08:46

Lab CORS vulnerability with trusted null origin: CORS missing allow origin

}, { "name": "Content-Type", "value": "application/x-www-form-urlencoded … [], "headersSize": 746, "postData": { "mimeType": "application/x-www-form-urlencoded

Burp Academy: Lab: Authentication bypass via encryption oracle, Missing Error Messages

id=wiener">My account</a> //line no. 46 Can you please take a look into this to solve the error.

Exploiting PHP deserialization with a pre-built gadget chain payload

Signature does not match session in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Turbo Intruder: always updating Content-Length header

attack = '''POST / HTTP/1.1 Host: example.com Content-Length: 4 Transfer-Encoding : chunked 46

Stage 2 of Practice exam with SQLMAP 1.7.2

application/signed-exchange;v=b3;q=0.7' \ -H 'accept-language: en-US,en;q=0.9' \ -H 'cookie: _lab=46%

Lab: Web cache poisoning via ambiguous requests

0aca000f040f309581f4970d014d00cd.exploit-server.net Cookie: session=IFSGVxw3eL6Dvz9lpgELIY7VUo8grQkn; _lab=46%

Version 2023.9.1 and 2023.10.2 does not include <vulnerabilityClassifications> in the xml and html reports generated using sparky

v --location 'http://<burp_vm IP>:<SparkyPort>/sparky/report' --header 'Content-Type: application/x-www-form-urlencoded

Lab: CSRF where token is not tied to user session

my-account/change-email" method="POST"> <input type="hidden" name="email" value="aefae@eaf1234&#46

CSRF where token is duplicated in cookie

my-account/change-email" method="POST"> <input type="hidden" name="email" value="weiner@evil&#46

Burp Suite Professional 2020.7 macOS Mojave 10.14.6 (18G6020) Crashing

JavaApplicationStub [691] User ID: 503 Date/Time: 2020-07-20 23:46

How to install burp suite properly. Java error during installtion.

com.install4j.runtime.installer.Installer.runInProcess(Installer.java:60) at com.install4j.runtime.installer.Installer.main(Installer.java:46

Latest Kali Linux Install Failure

com.install4j.runtime.installer.Installer.runInProcess(Installer.java:60) at com.install4j.runtime.installer.Installer.main(Installer.java:46

Active Scan insertion point types & other bugs

Accept-Encoding: gzip, deflate If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT content-type: application/x-www-form-urlencoded

Lab: Username enumeration via response timing - ("X-Forwarded-For:" not working)

Origin: https://ac921f4f1ec67a2fc05d23890023008c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

handshake failure using strong cipher suites

smoothly: *** ClientHello, TLSv1.2 RandomCookie: GMT: 1883716619 bytes = { 200, 13, 147, 243, 106, 46

Burp Suite Version Update Issue on Google Cloud

burpsuite_pro_macos_arm64_v2022_8_4.dmg, fileSize=235554672}]}]} [ForkJoinPool.commonPool-worker-3] 2022-09-15 10:19:46 … errorMessage=null, eulaVersion=null, eulaContent=} [ForkJoinPool.commonPool-worker-3] 2022-09-15 10:19:46

Crashing while actively scanning or crawling

false, block=22, wait=543 lock=java.lang.ref.ReferenceQueue$Lock@51307dfe owned by null (-1), cpu=46 … wait=17 lock=java.util.concurrent.SynchronousQueue$TransferStack@68cf2c3f owned by null (-1), cpu=46 … wait=21 lock=java.util.concurrent.SynchronousQueue$TransferStack@2749e1c9 owned by null (-1), cpu=46 … wait=18 lock=java.util.concurrent.SynchronousQueue$TransferStack@68cf2c3f owned by null (-1), cpu=46 … wait=24 lock=java.util.concurrent.SynchronousQueue$TransferStack@68cf2c3f owned by null (-1), cpu=46

HTTP Request Smuggler: Error in thread: Can't find the header: Connection. See error pane for stack trace.

Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded

Problem with lab : CORS vulnerability with trusted insecure protocols

resources/css/labsDark.css HTTP/1.1" 200 "user-agent: Googlebot-news" 86.244..216 2024-09-02 18:12:46

Lab: Information disclosure in version control history

-KB/s in 0s 2022-02-20 08:13:46 (7.19 MB/s) - ‘ac611fc21f25b7ecc06c1c88007c0047.web-security-academy.net … /.git/info’ saved [470/470] --2022-02-20 08:13:46-- https://ac611fc21f25b7ecc06c1c88007c0047.web-security-academy.net … -KB/s in 0s 2022-02-20 08:13:46 (17.4 MB/s) - ‘ac611fc21f25b7ecc06c1c88007c0047.web-security-academy.net … /.git/HEAD’ saved [22/22] --2022-02-20 08:13:46-- https://ac611fc21f25b7ecc06c1c88007c0047.web-security-academy.net … -KB/s in 0s 2022-02-20 08:13:46 (13.3 MB/s) - ‘ac611fc21f25b7ecc06c1c88007c0047.web-security-academy.net

Port 25 needed for new SMTP Checks on Private Collaborator Server?

My iptables config: [root@ip-172-30-1-46 burp-collaborator]# iptables -t nat -S -P PREROUTING ACCEPT

How do I configure python to proxy through BurpSuite for https?

contain an absolute URL - try enabling invisible proxy support&#46

DOM XSS - How do I prove this Vulner is ture

ver=V4.4.0:30:46) at ResetLoad (https://192.168.31.161/GroupManagement/JS_AddGroupData.js?

During installation of Enterprise Edition on Ubuntu Linux - setting ownership error

com.install4j.runtime.installer.Installer.runInProcess(Installer.java:61) at com.install4j.runtime.installer.Installer.main(Installer.java:46 … com.install4j.runtime.installer.Installer.runInProcess(Installer.java:61) at com.install4j.runtime.installer.Installer.main(Installer.java:46

"Did Not Find a login Form"

State] passive-worker-5: 09:55:05 => [113] [RandomCredentialsScene] passive-worker-4: 09:55:05 => [46 … i68] passive-worker-3: 09:55:07 => [46] [https://testenv.alert.ns2tpc.com:443/robots.txt§???? … i68] passive-worker-6: 09:55:08 => [46] [https://testenv.alert.ns2tpc.com:443/robots.txt§???? … i68] passive-worker-4: 09:55:09 => [46] [http://testenv.alert.ns2tpc.com:80/§???? … i68] passive-worker-7: 09:56:10 => [46] [EmptyRoom§????

Issue report sequence

Client-side XPath injection (reflected DOM-based)", 45); ("Client-side XPath injection (stored DOM-based)", 46

time delays

java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject@4239bae owned by null (-1), cpu=46 … , user=46 java.base@10.0.2/jdk.internal.misc.Unsafe.park(Native Method) java.base@10.0.2 … java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject@2b85ae9 owned by null (-1), cpu=46 … , user=46 java.base@10.0.2/jdk.internal.misc.Unsafe.park(Native Method) java.base@10.0.2