Ranking on WorldWide #178

you either update the website to show all Hall of Fame members or let me know how I can display my ranking

Port Swigger Academy ranking is not updating.

Hi. I noticed I solved like 7 labs, but my position in the hall of fame didn't change. I solved like 5 apprentice and 2 practitioner labs. It's already been 2 weeks without updating, I guess. Is the hall of fame bugged?

are not being considered when the update process is being carried out, which will be impacting the ranking

Hall of fame

are not being considered when the update process is being carried out, which will be impacting the ranking

Incorrect path reported in target sitemap

are probably problematic too), for example '<link rel="stylesheet" href="あ/style.css" />': # mkdir www … meta charset="utf-8"><link rel="stylesheet" href="あ/style.css" /></head><body>test</body></html>' > www … /www:/usr/share/nginx/html:ro -p 5000:80 -d nginx 2) browse through Burp to the created webpage (http … amd64 os.name Linux os.version 6.8.0-41

Exploiting PHP deserialization with a pre-built gadget chain - getting error

Symfony Version: 4.3.6 PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Thanks

HTTP Request Smuggling

responses" is given as "POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … server was given as "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … should be like this: "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Content-Length: 146 x=POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Lab Login Not Working

HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, obfuscating the TE header

POST / HTTP/1.1 Host: my host.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, basic TE.CL vulnerability

i sent: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Modifying serialized data types - Debug dumps tokens

p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 71 POST /admin HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded

Not possible to disable "Update Content-Length"

HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP Request Smuggling

portwigger: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

PHP deserialization: Signature does not match

receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2

ca certificate

The URL is http://burp/ - there's no www.

LAB: Exploiting HTTP request smuggling to reveal front-end request rewriting

HTTP/1.1 Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net Content-Type: application/x-www-form-urlencoded … username=carlos HTTP/1.1 X-ayZFvQ-Ip: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length

vulnerable yes or no

POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1 Host: www.---------.com Origin: http://example.com … : */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded … Content-Length: 1410 Origin: https://www.--------.com Connection: close Referer: https://www.realself.com

Install Burpsuite on Kali ARM RaspberryPi 4

Tell What version can I put on kali-pi 4.19.118-Re4son-v7+ #1 SMP Wed May 6 14:25:41 AEST 2020 armv7l

Linux kali-pi 4.19.118-Re4son-v7+ #1 SMP Wed May 6 14:25:41 AEST 2020 armv7l GNU/Linux Architecture

Lab 1 Directory traversal(File path traversal, simple case)

3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www … /image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal

Lab: Modifying serialized data types

Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

74%39 Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 ??

this error: Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 Then, what I did is:

Modifying serialized objects" PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 echo "O:4:"User":2

Lab: HTTP request smuggling, basic TE.CL vulnerability

provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

0, which is the size of the next chunk in bytes): 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Bug in Lab

error Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4

HTTP request

POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic TE.CL vulnerability

Please see below: POST / HTTP/1.1 Host: <lab-ID>.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a4200c60375b196c058f06300d100b9.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a55001804a184ac82e056fd001300f2.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab Not Working Properly

HTTP/1.1 Host: ac821ff91fa6a6ac80911ed1005d00ec.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 1.1 Host: aca71f681fe0a61c80c01e0d01930066.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acaf1f911ef7cfe6801f0c0400ef00b5.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ace11f511e3acff980030cc4010500fe.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: ac7a1f911ef7995e80d3ec5300020083.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-acab1f4f1e8899f38092ec9101ef005c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to perform web cache poisoning - Not getting results.

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Lab: Arbitrary object injection in PHP

burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5

Missing parameter in HTTP Smuggling request lab

HTTP/1.1 Host: 0a3a008503e2d7a7c03e1b91006c0030.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab Not Responding

HTTP/1.1 Host: ac6d1fc91e74b3a4808926fc009c005a.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to capture other users' requests

the lab POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to capture other users' requests-- not solving

HTTP/1.1 Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 277 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, obfuscating the TE header

response when i sent this request POST / HTTP/1.1 Host: my lab id Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Sort entries in the site map by domain components before hostname

com.host1.www com.host1.www1 com.net2.www even though the hostnames are actually displayed as expected

HTTP request smuggling, basic TE.CL vulnerability Lab Queries.

HTTP/1.1 Host: 0a7600cc04f7bab6802e1c2500f700ad.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36 Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Connection: keep-alive 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to capture other users' requests

acc91f4d1faf6485c0b70322000b009b.web-security-academy.net Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU Content-Type: application/x-www-form-urlencoded … Transfer-encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Length: 600 Content-Type: application/x-www-form-urlencoded

Different URLs in Target: Request, Raw and Site map URL

Here is what is shown in the Site map window right above (list of all URLs): https://www. … id=WEB87431-20150616190 HTTP/1.1 Same with: https://www._something_ com/ - GET - /bp_chart.php?

invisible proxy

Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux":https://www

LAB: Exploiting HTTP request smuggling to perform web cache poisoning

I'll past the request: POST / HTTP/1.1 Host: victimhost Content-Type: application/x-www-form-urlencoded … postId=1 HTTP/1.1 Host: exploitserver Content-Type: application/x-www-form-urlencoded Content-Length

Lab Issues: Exploiting HTTP request smuggling to deliver reflected XSS

Exploit: ``` POST / HTTP/1.1 Host: my-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … postId=5 HTTP/1.1 User-Agent: a"/><script>alert(1)</script> Content-Type: application/x-www-form-urlencoded

HTTP smuggling

vulnerabilities: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Request Smuggling - Lab does not work

0a5900b7040dfb4fc1db8f1c005d0093.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded … HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Academy Leaning Material minor mistake on "Finding HTTP request smuggling vulnerabilities" page.

reads as below: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 60 POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded … POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters) Content-Type: application/x-www-form-urlencoded

Content-length: 4 Transfer-Encoding: chunked 5f POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab - Modifying serialized objects login fuction not working properly?

PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1 And I am unable to log in, therefore no request … https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net/login Content-Type: application/x-www-form-urlencoded … is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php&apos;) in /var/www/index.php on line 1</p> </div> </section

use burp suite

https://www.?elp.com

Burp scanner ignores scan configuration exclusion lists

/my_profile;jsessionid=560423289919l0e2g6f88f71qjg4xp1z2uwc408389.5604232899 HTTP/1.1 Host: www..... … Connection: close Content-Length: 3002 X-Single-Page-Navigation: true Origin: https://www.....

An incorrect example in the "Exploiting HTTP request smuggling" section on the Web Security Academy.

Transfer-Encoding: chunked 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … supposed to be: 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Broken chunked-encoding

like Gecko) Chrome/88.0.4324.150 Safari/537.36 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded … keep-alive 96 GET /404 HTTP/1.1 X: x=1&q=smugging&x= Host: example.com Content-Type: application/x-www-form-urlencoded

Solution not functional: "Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses"

HTTP/1.1 Host: 0a4c00f10450f67f802cd1480095009f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic TE.CL vulnerability

document Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Content-Type: application/x-www-form-urlencoded … postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0 … postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

Issue on Burpsuite deployed on Google Cloud i.e. GKE (v1.22.11-gke.400) during Scan. The scan runs infinitely.

getting below Logs repeatedly when running scan and scan runs infinetly textPayload: "2022-09-15 09:41 … @6b0facef{/,null,UNAVAILABLE} contextPath ends with /* [r STARTING]" textPayload: "2022-09-15 09:41 … o.e.j.server.handler.ContextHandler - Empty contextPath [r STARTING]" textPayload: "2022-09-15 09:41 … [r STARTING] textPayload: "2022-09-15 09:41:40 INFO b.b.b.BurpSuiteProInstanceLauncher - Starting … -6 - [Thread: 24] 2022-09-15 09:41:47.162 393838307564593, net.portswigger.kf INFO - connectedSocket,

Lab: Exploiting HTTP request smuggling to capture other users' requests

HTTP/1.1 Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Content-Length: 251 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Incorrect Issue Type/Advisory Finding & Remediation

As such, it is recommended to set the header as X-XSS-Protection: 0" Reference https://owasp.org/www-project-secure-headers

Modifying serialized objects

this - Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4.

stripping of lab "File path traversal, traversal sequences stripped non-recursively"

=41.jpg" given that the stripping is non-recursive. … Same for "..//41.jpg". … ./" would we stripped then the "/" remains, which would make the server process "/41.jpg" Finally, I … do not understand why "....//41.jpg" doesn't work. … I assume the server processes ../41.jpg because only the 3rd & 4th dot and 1 / are stripped.

then why would "/41.jpg" work like "41.jpg" as well as "../41.jpg" ? I'm a bit confused :/

Hi With the examples you have given, "/41.jpg" and "../41.jpg" details would be stripped so that you … are left with 41.jpg and so the image can be returned. … If you used a sequence such as ....//41.jpg, once ../ has been stripped, you would still be left with … ../41.jpg which would then look in a different folder and fail to find the image.

Proxy connection closed

7f2f9e055a74df967116223c431c9ffc=qub7j1cc8bi084gvtd3p2b1q84 Connection: close Content-Type: application/x-www-form-urlencoded

BCheck SQLi bypass autentication

: 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded

: 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded … : 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded

why there is an empty line after Content-Length header in http smuggle attacks?

for example : POST /search HTTP/1.1 Host: normal-website.com Content-Type: application/x-www-form-urlencoded

HTTP request Smuggling CL.TE LAB

HTTP/1.1 Host: 0a120052048d10f0c0b07c7700c300bb.web-security-academy.net Content-Type: application/x-www-form-urlencoded

solution : POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic CL.TE vulnerability

HTTP/1.1 Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net Content-Type: application/x-www-form-urlencoded

0a3500f90359495b811ec02e002700bc.web-security-academy.net\r\n Connection: keep-alive\r\n Content-Type: application/x-www-form-urlencoded

Advanced Target Scope - Load File

.*\.example\.com\/* test\.net\/path\/here\/* www\.test\.net\/* -----------

Burp Scaner with form credentials

The Content-Type is: application/x-www-form-urlencoded

Lab: CSRF where token is not tied to user session

https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded

how do we calculate value for tranfer encoding??

username=carlos HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Content-Length

username=carlos HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Content-Length

Upload File to Burp Collaborator

Hi, It looks like you are trying to achieve what is described in the articles below: - https://www

multiple request headers in burpsuite community edition v2023.7.2

Cookie: session=8aVCM2qExzt0Y2t1AJ4WhRIKozqAYedJ Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Username enumeration via response timing

0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded … 0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic CL.TE vulnerability

Connection: keep-alive Content-Length: 10 Transer-Encoding: chunked Content-Type: application/x-www-form-urlencoded

Lab: CL-TE request smuggling lab is not working with the official solution.

0ac000af04eed935c3233d650017001f.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Lab: CL-TE request smuggling lab is not working with the official solution

HTTP/2 Host: 0a6f004904bb0b7282f5067100c70057.web-security-academy.net Content-Type: application/x-www-form-urlencoded

DOM-based open redirection

burp-suite-explain-dom-based-open-redirection - https://portswigger.net/support/using-burp-to-test-for-open-redirections - https://owasp.org/www-pdf-archive

Unable to solve: Lab: Exploiting HTTP request smuggling to perform web cache poisoning

/1.1 Host: abcdabcdabcdabcdabcdabcdabcdabcde.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 1.1 Host: exploit-exploitexploitexploitexploitexpl.exploit-server.net Content-Type: application/x-www-form-urlencoded

Scanner "X-Forwarded-For dependent response" check alters Content-Type?

Accept-Encoding: gzip, deflate X-CSRFToken: I7qjj8Iz3XwEEwu2gL4ZcePHMdNjOUD6 Content-Type: application/x-www-form-urlencoded … Connection: close X-Forwarded-For: 127.0.0.1 Notice the change to "Content-Type: application/x-www-form-urlencoded

HTTP1.1 replaced by HTTP/2 in response header?

Every time I send POST / HTTP/1.1 Host: ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded

"Lab: HTTP request smuggling, basic TE.CL vulnerability" need help in understanding

HTTP/1.1 Host: ac2f1f0e1ea3d02180733e8600de008b.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Server-side pause-based request smuggling ISSUE

web-security-academy.net Cookie: session=mAbLimPqmVB5vNGU7notqlDu7ZCsW8O4 Content-Type: application/x-www-form-urlencoded

0a9500d103b3bce3804ce9c5006a0004.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Logic error in lntruder module

KHTML, like Gecko) Version/4.0 Chrome/75.0.3770.143 Mobile Safari/537.36 Content-Type: application/x-www-form-urlencoded … KHTML, like Gecko) Version/4.0 Chrome/75.0.3770.143 Mobile Safari/537.36 Content-Type: application/x-www-form-urlencoded

burp doesn't take history like this path #something.php?image=photo.jpg

Directory/path traversal vulnerabilities do not usually take this into account: - https://owasp.org/www-community

Create an SSL cert with Certbot for a private collaborator server

certbot certonly --webroot -w /var/www/bc.mydomain -d bc.mydomain I get: Invalid response from http

Need help with password cracking

br X-CSRFToken: up5GX5XUvL5cQnTrHa4Z5DrBnaHeJyWb X-Instagram-AJAX: 1 Content-Type: application/x-www-form-urlencoded … br X-CSRFToken: up5GX5XUvL5cQnTrHa4Z5DrBnaHeJyWb X-Instagram-AJAX: 1 Content-Type: application/x-www-form-urlencoded

Design new extension - Problem with buildRequest and URL Encode

script>alert(1)</script> Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded … http://127.0.0.1/a.php Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Lab : Modifying serialized data types. Bug Decoder?

of the video I get this error : PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 I understand that

can't solve lab 'Exploiting time-sensitive vulnerabilities' - invalid token

0af100d8041a969e80e33fd60088007d.web-security-academy.net Dnt: 1 Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded … 0af100d8041a969e80e33fd60088007d.web-security-academy.net Dnt: 1 Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to perform web cache deception NOT WORKING

HTTP/1.1 Host: ac921f9e1e43510980d00f8c0079000b.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Burpsuite 2.0.0.5 Beta - SocketException on crawls and audits

redirected to the secure version so that's not exactly helpful), and oftentimes, subdomains other than www

Burp Does Not Redirect

<FORM NAME="AUTOSUBMIT" METHOD="POST" ENCTYPE="application/x-www-form-urlencoded" ACTION="https://...

Issue_events not working in burp API

Below is the response of CURL command (curl -vgw "\n" -X GET 'http://ipadd/myapikey/v0.1/scan/41' ) which … i am using to get the scan results: { "task_id": "41", "scan_status": "paused", "scan_metrics

TE.CL smuggling labs - official solutions do not work

Connection: keep-alive Transfer-Encoding: chunked 5b GLOOL / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

'Drop all out-of-scope requests' not behaving as expected

Add an entry, protocol 'Any', Host or IP range '^www\.google\.com$', leave the rest blank 3.

Missing PHP Code Injection Detection

module=login&method=loginForm Content-Type: application/x-www-form-urlencoded Content-Length: 63 Cookie

module=login&method=loginForm Content-Type: application/x-www-form-urlencoded Content-Length: 63 Cookie

Lab: CSRF where token is tied to non-session cookie

Cookie: session=**************; csrfKey=************************* Content-Type: application/x-www-form-urlencoded … session=*******************; csrfKey=<<"obtained CSRF cookie HERE">> Content-Type: application/x-www-form-urlencoded

2FA bypass using a brute-force attack

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Send request in the same connection turbo intruder

req POST / HTTP/1.1 Host: example.com Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic CL.TE vulnerability (Help for a noob)

1.1 Host: yourclientid.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Bug in Site map tab while showing only items in scope.

browse to the URL www.sapo.pt In the scope I have reg exp with: Protocol: HTTP Host or IP: ^www

Disable content type changes

further investigation it appears to be a result of Burp rewriting the content type from 'application/x-www-form-urlencoded

lab question

<form id="my_form" action="/post/comment" method="POST" enctype="application/x-www-form-urlencoded">

Lab - Exploiting Java deserialization with Apache Commons

------- Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: session=%72%4f%30%41% … 42%58%4e%79%41%42%64%71%59%58%5a%68%4c%6e%56%30%61%57%77%75%55%48%4a%70%62%33%4a%70%64%48%6c%52%64%57%

HTTPRQ Lab - Exploiting HTTP request smuggling to deliver reflected XSS

HTTP/1.1 Host: ac231f491feb99a4807c00a50038000f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: ac231f491feb99a4807c00a50038000f.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Burpsuite error or using incorrectily

0 Upgrade-Insecure-Requests: 1 Origin: https://www.kkkkkkkk.com Content-Type: application/x-www-form-urlencoded

Username enumeration via response timing problems with X-Forwarded-For header

Upgrade-Insecure-Requests: 1 Origin: https://asdsdasdasd.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Excel Macro & Burp

compatible; MSIE 6.0; Windows NT 5.0)" objHTTP.setRequestHeader "Content-type", "application/x-www-form-urlencoded

Valid XSS not reporting in issues ? Is it me?

max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://testphp.vulnweb.com Content-Type: application/x-www-form-urlencoded

How to Crawl HTTPS Website in enterprise edition

Could not connect to any seed URLs. 2021-04-27 14:29:41 [qtp1448492608-3410] INFO - Received metric … FAILED 0 0 2021-04-27 14:29:41 [qtp1448492608-3410] INFO - Scan finished exceptionally: 66 2021-04 … -27 14:29:41 [b] INFO - Deleting temporary files - please wait ...

The server's certificate is not trusted

thinkwithgoogle.com, withgoogle.com, withyoutube.com Issued by: GTS CA 1O1 Valid from: Thu Sep 03 06:35:41 … GMT 2020 Valid to: Thu Nov 26 06:35:41 GMT 2020 Certificate chain #1 Issued to: GTS CA 1O1 Issued

thinkwithgoogle.com, withgoogle.com, withyoutube.com Issued by: GTS CA 1O1 Valid from: Thu Sep 03 06:35:41 … GMT 2020 Valid to: Thu Nov 26 06:35:41 GMT 2020 But doesn't that mean we have to import every

Lab: Exploiting HTTP request smuggling to perform web cache deception (Solution incorrect)

POST / HTTP/1.1 Host: xxx-your-lab-id-xxx.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Allowing the symbol "&" to be part of a string, instead of being something else

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Content-Type: application/x-www-form-urlencoded

SSO with microsoftonline.com

sXXX0T-HXXXxb-FXXXH_cfXXX6-KHXXXX81&cbcxt=&username=USER%40ENTERPRISE_OFFICE_DOMAIN.com&mkt=&lc= with a www-form-urlencoded … ENTERPRISE_OFFICE_DOMAIN.com mkt lc This is followed by a POST to ttps://login.microsoftonline.com/login.srf with www-form-urlencoded

HTTP Request Smuggling POST Request with Body

a GET request: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

XSS False positive

fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded

Unable to build http request with header

103.0.5060.134 Safari/537.36, Connection: close, Cache-Control: max-age=0, Content-Type: application/x-www-form-urlencoded

No Host header in https://portswigger.net/web-security/host-header/exploiting/lab-host-header-authentication-bypass

u=1 te: trailers content-type: application/x-www-form-urlencoded

Lab is not solved by its own written solution

Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" 197.210.226.236 2023-01-05 18:41 … Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" 197.210.227.205 2023-01-05 18:41 … Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" 197.210.226.164 2023-01-05 18:41 … Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" 197.210.55.247 2023-01-05 18:41 … Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" 197.210.226.236 2023-01-05 18:41

Missed SQL Injection

=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Imstalling CA Certificate

Its urgent.http://sc.vtiger.net/screenshots/sushma-sc-at-29-07-2019-10-26-41.png

Lab: 2FA bypass using a brute-force attack doesn't get me a 302

Accept-Language: de,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded … Accept-Language: de,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Adding X-Forwarded-For to bypass IP based brute force protection

https://acaf1f021f283a268092b4c2004c008d.web-security-academy.net/login Content-Type: application/x-www-form-urlencoded

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Hey, I'm having an error when launching payload

id=wiener Content-Type: application/x-www-form-urlencoded Content-Length: 117 Connection: close Cookie

Authentication Multi factor lab - 2FA Broken Login

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Burp Extension CSRF Token

cookie values are set here Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Audit Item Status shows " Error Request time out and Unknown Errors "

like Gecko) Chrome/84.0.4147.125 Safari/537.36 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded

BurpSuite Proxy Listener, Mac OS and Chrome not playing nice together

BurpSuite by attacking a local instance of WebGoat (intentionally-vulnerable web app at https://owasp.org/www-project-webgoat

Same site, two different authentication methods (Basic first, then NTLM)

connect to the site, you're redirected to the BIG-IP's proxied.site.com/my.policy page, which wants Basic WWW

Username enumeration via response timing: not getting response using repeater with X-Forwarded-For

Origin: https://ace11f691fef2ad580c703dd004a00c5.web-security-academy.net Content-Type: application/x-www-form-urlencoded

how to disable 404 responce from burp suite report for cross-site scripting.

we have received around 41 cross-site scripting issues, but the response says that 404 error.

Intruder only works after repeater...sort of

Upgrade-Insecure-Requests: 1 Origin: https://um-auth-qa.auth.eu-west-1.amazoncognito.com Content-Type: application/x-www-form-urlencoded

Handling multipart requests with Montoya API

request that looks like this: POST /something HTTP/1.1 Host: whatever Content-type: application/x-www-form-urlencoded

Password Reset Poisoning via Dangling Markeup

Origin: https://0a3100a703b733a780cdd52400fa00cc.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Mystery lab challenges that require to submit solution seem to be broken

HTTP/1.1 Host: {BURP_LAB}.web-security-academy.net Content-Length: 39 Content-Type: application/x-www-form-urlencoded

Different results Automated Scan vs Manual Active Scan

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Problem with "Lab: HTTP request smuggling, basic CL.TE vulnerability"

oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded

Auditing not calling doActiveScan(...) method via Extensibility API

q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost:8000/ Content-Type: application/x-www-form-urlencoded

Add a processing rule

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 Content-Type: application/x-www-form-urlencoded

Error In php Code

Signature does not match session in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Signature does not match session in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Locked due to many failed login attempts as soon as i scan my application

=0 Origin: https://test2.tstraining.com Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Browser receives "HTTP/1.0 200 Connection established" from BURP which received "HTTP/1.1 404 Not Found"

Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded … Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Burp Scanner does not recognize Open Redirect

DEADBEEF6B690E7B865A46CDDEADBEEF.aa_bbb_1_cc_0 Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Decoding Gzip/Deflate issues

packet: OST /tracker-api/tracker/trackerLog HTTP/1.1 Connection: close Content-Type: application/x-www-form-urlencoded

Academy : Is there a Newbie "Academy 101" How to document / URL

Create a VM, Install ABC on it, point off to www.

how to add X-Forwarded-For and what is columns in Lab Username enumeration via response timing

X-Forwarded-For: 203.0.113.8 <---- INSERT HERE AND REMOVE THIS COMMENT Content-Type: application/x-www-form-urlencoded

Is it possible to send request from a password reset post to forward to a different email

Sec-Ch-Ua-Platform: "Linux" Upgrade-Insecure-Requests: 1 Origin: https://example.com Content-Type: application/x-www-form-urlencoded

Paused-Based Desync Detection reporting HTTP/2 requests

Accept-Encoding: gzip, deflate, br Connection: keep-alive Content-Length: 332 Content-Type: application/x-www-form-urlencoded

How exactly does the Burp Sequencer convert tokens to sets of bits for bit-level analysis?

So, if for example "A" is converted to 41 (UTF-8), would the bit equivalent be 101001 or 00101001?

Lab: Exploiting XXE using external entities to retrieve files

13 Cookie: session=aDJvRrAxYrf804mh6rJzMmjl2195R7IN Connection: close Content-Type: application/x-www-form-urlencoded

Lab: 2FA bypass using a brute-force attack

q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

+ '/login' urlForTokenPage = url + '/login2' headerObj = { "Content-Type": "application/x-www-form-urlencoded

Exploiting HTTP request smuggling to perform web cache poisoning - Failing to go to "Solved" status

HTTP/1.1 Host: 0a16007d0305e2b380340869000b001a.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 1.1 Host: exploit-0a190088031de26f8094071201cb00b9.exploit-server.net Content-Type: application/x-www-form-urlencoded

Issue with "Reflected XSS protected by very strict CSP, with dangling markup attack" Lab

Origin: https://0a49005803315b4185f35e92000600e2.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Burp Enterprise - Waiting for agent (stuck)

INFO n.p.enterprise.burpmanager.b.b - Instance not running [RxComputationThreadPool-1] 2021-03-24 23:41 … BurpSuiteProReference-Shutdown-b{process=net.portswigger.enterprise.common.k.j@4d80d975}] 2021-03-24 23:41

How can I send request from a password reset post to forward to a different email

Sec-Ch-Ua-Platform: "Linux" Upgrade-Insecure-Requests: 1 Origin: https://example.com Content-Type: application/x-www-form-urlencoded

macOSX V11.2 Big Sur, OWASP BWA and Virtual box--Home Hacking CyberSec Lab

r140961 (Qt5.6.3) OWASP BWA = Latest available from Sourceforge, links are in the book and a quick WWW

Unable to filter X-Forwarded-Host with Param Miner Burpsuite Professional v2024.5.5, Lab: Password reset poisoning via middleware

Origin: https://0a39009804c89ab28091da0d004800b9.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Burpsuite active scan changed my table's shape and data

When I try to add another card, the entire table moves up (e.g. 41 rows) and shows many other strange

Exploiting Ruby deserialization using a documented gadget chain

GET / HTTP/1.1 Host: ac401fba1e813cfdc1b61003001b0048.web-security-academy.net Cookie: session=%42%41% … 32%4e%68%63%6d%78%76%63%79%39%74%62%33%4a%68%62%47%55%75%64%48%68%30%42%6a%6f%47%52%56%52%76%4f%77%67%41% … 4f%68%46%41%5a%47%56%32%5a%57%78%76%63%47%31%6c%62%6e%52%47 Response: HTTP/1.1 500 Internal Server

Host header not present - Password reset poisoning via middleware

Origin: https://aca81fc11fb90044c029b70c00d3002f.web-security-academy.net Content-Type: application/x-www-form-urlencoded

software vulnerability scanner (burp extension based on vulners.com api)

burp.VulnersService.loadRules(VulnersService.java:133) at burp.BurpExtender.initPassiveScan(BurpExtender.java:41

Burp 2.0.14 install4j error.log

29) at com.install4j.runtime.util.internal.ReflectionUtil.setUnsafeAccessible(ReflectionUtil.java:41

WCF binary decode failure

1106 Content-Type: application/x-deflate Server: Microsoft-HTTPAPI/2.0 Date: Mon, 11 May 2015 21:39:41

Turbo Intruder error

Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

I am working on the lab " User role can be modified in user profile "

0a5a007703e1b1f281891199006e0050.web-security-academy.net Cookie: session=oxV1sxX4QZvyVzmzG5560Gj8IOcTt6cD Content-Length: 41

Lab: Web shell upload via path traversal | Correct answer is wrong?

1 Priority: u=0, i Te: trailers Response: HTTP/2 200 OK Date: Mon, 19 Aug 2024 12:22:41 GMT Server

Burpsuite does accept external connections on Mac OSX Catalina

MacBooks$ uname -a Darwin DRFSGSsMacBook.home 19.5.0 Darwin Kernel Version 19.5.0: Tue May 26 20:41

Lab CORS vulnerability with trusted null origin: CORS missing allow origin

}, { "name": "Content-Type", "value": "application/x-www-form-urlencoded … [], "headersSize": 746, "postData": { "mimeType": "application/x-www-form-urlencoded

Exploiting PHP deserialization with a pre-built gadget chain payload

Signature does not match session in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Version 2023.9.1 and 2023.10.2 does not include <vulnerabilityClassifications> in the xml and html reports generated using sparky

v --location 'http://<burp_vm IP>:<SparkyPort>/sparky/report' --header 'Content-Type: application/x-www-form-urlencoded

Error installing BurpSuite on Debian GNU/Linux 10 (buster)

Gtk-Message: 17:41:39.490: Failed to load module "canberra-gtk-module" So, I did: your@name:~$ sudo

installation in kali linux

:225) at java.desktop/sun.awt.PlatformGraphicsInfo.createToolkit(PlatformGraphicsInfo.java:41

Burpsuite active scan changed my table's shape and data, is there any way to recover them?

When I try to add another card, the entire table moves up (e.g. 41 rows) and shows many other strange

Slow lab response times

of the intruder run: 37 del 200 85012 85054 false false 33 custom tags 85008 85049 false false 41

Configured the Burp Proxy. Applications not working thru proxy

burpVersion="1.7.37" exportTime="Mon Feb 25 14:48:32 IST 2019"> <item> <time>Mon Feb 25 14:41

Burp Pro fails to launch

8b 55 00 49 8b 74 24 60 48 89 d9 4c 89 e7 0x00007f18fc1c5a3e: c7 03 00 00 00 00 4c 8b 40 20 41 ff … d3 85 c0 75 0x00007f18fc1c5a4e: c1 48 83 c4 18 44 89 f8 5b 41 5c 41 5d 41 5e 41 0x00007f18fc1c5a5e … 5c 41 5d 41 5e 41 5f 5d ff 0x00007f18fc1c5a9e: e0 90 55 48 89 e5 41 55 48 83 ec 18 4c 8b 6f 10 0x00007f18fc1c5aae … 55 49 89 fd 41 54 49 89 cc 0x00007f18fc1c5bae: 53 4c 89 c3 48 83 ec 08 48 8b 7f 10 41 c7 00 00 0x00007f18fc1c5bbe … 89 c0 85 c0 0x00007f18fc1c5bde: 75 10 48 83 c4 08 44 89 c0 5b 41 5c 41 5d 5d c3 0x00007f18fc1c5bee

Burp could not obtain file lock of project file

/lang/String;+19 j burp.d4c.e()Ljava/lang/String;+8 j burp.chg.b(Ljava/lang/String;IZ)Lburp/yv;+41 … /lang/String;+19 j burp.d4c.e()Ljava/lang/String;+8 j burp.chg.b(Ljava/lang/String;IZ)Lburp/yv;+41

HTTP history entry disappears !

fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close HTTP/1.1 200 OK Date: Wed, 28 Dec 2022 15:25:41

Error while downloading burpsuite on kali linux

:225) at java.desktop/sun.awt.PlatformGraphicsInfo.createToolkit(PlatformGraphicsInfo.java:41

Weird Characters in Request Data

Open Browser n三 10 11 uc: 12 uca: 13 14 15 16 17 18 { :°p/SPLgy1jOÕEEÚ @iA : 60Ïu÷ÿî4É ×41

Open Browser n三 10 11 uc: 12 uca: 13 14 15 16 17 18 { :°p/SPLgy1jOÕEEÚ @iA : 60Ïu÷ÿî4É ×41

Open Browser n三 10 11 uc: 12 uca: 13 14 15 16 17 18 { :°p/SPLgy1jOÕEEÚ @iA : 60Ïu÷ÿî4É ×41

Open Browser n三 10 11 uc: 12 uca: 13 14 15 16 17 18 { :°p/SPLgy1jOÕEEÚ @iA : 60Ïu÷ÿî4É ×41

Open Browser n三 10 11 uc: 12 uca: 13 14 15 16 17 18 { :°p/SPLgy1jOÕEEÚ @iA : 60Ïu÷ÿî4É ×41

Open Browser n三 10 11 uc: 12 uca: 13 14 15 16 17 18 { :°p/SPLgy1jOÕEEÚ @iA : 60Ïu÷ÿî4É ×41

Open Browser n三 10 11 uc: 12 uca: 13 14 15 16 17 18 { :°p/SPLgy1jOÕEEÚ @iA : 60Ïu÷ÿî4É ×41

Open Browser n三 10 11 uc: 12 uca: 13 14 15 16 17 18 { :°p/SPLgy1jOÕEEÚ @iA : 60Ïu÷ÿî4É ×41

JavaFX error while uploading extension

<clinit>(SWPipeline.java:41) at java.base/java.lang.Class.forName0(Native Method) at java.base/java.lang.Class.forName

Active Scan insertion point types & other bugs

Accept-Encoding: gzip, deflate If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT content-type: application/x-www-form-urlencoded

Lab: Username enumeration via response timing - ("X-Forwarded-For:" not working)

Origin: https://ac921f4f1ec67a2fc05d23890023008c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

handshake failure using strong cipher suites

58, 111, 166, 133, 49, 255, 78, 91, 163, 109, 234, 222, 18, 150, 10, 112, 160, 7, 47, 139, 37, 237, 41

HTTP Request Smuggler: Error in thread: Can't find the header: Connection. See error pane for stack trace.

Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded

Private collaborator server not starting with valid certificates

9e:fb: 0e:72:b1:1d:9b:bc:03:f9:49:05:d8:81:dd:05:b4: 2a:d6:41 … 28:17:6c:d2:98:c1:a8:09:64:77:6e:47: 37:ba:ce:ac:59:5e:68:9d:7f:72:d6:89:c5:06:41 … 3b: 98:a6:7d:60:8a:a2:a3:29:82:cc:ba:bd:83:04:1b: a2:83:03:41 … 43:2c:aa:1b:93:1f:c9:de:f5:ab:69:5d:13:f5:5b:86:58:22: ca:4d:55:e4:70:67:6d:c2:57:c5:46:39:41 … 30:89:ff:e5:68:13:7b:54:0b:c8:d6:ae:ec:5a:9c: 92:1e:3d:64:b3:8c:c6:df:bf:c9:41

Burp does not set SNI on the outgoing connection to an SSL enabled web server

This was what got generated in the incoming connection to Burp (browser to Burp): pool-5-thread-41

Issue report sequence

39); ("WebSocket hijacking (stored DOM-based)", 40); ("Local file path manipulation (DOM-based)", 41

not able to view log data properly

87.0.4280.88 Safari/537.36" IP address(removed from this part for my internal purpose) 2020-12-16 07:06:41 … 87.0.4280.88 Safari/537.36" IP address(removed from this part for my internal purpose) 2020-12-16 07:41 … Gecko/20100101 Firefox/83.0" IP address(removed from this part for my internal purpose) 2020-12-16 07:41 … Gecko/20100101 Firefox/83.0" IP address(removed from this part for my internal purpose) 2020-12-16 07:41 … Gecko/20100101 Firefox/83.0" IP address(removed from this part for my internal purpose) 2020-12-16 07:41

Lab: SameSite Strict bypass via sibling domain - solution is broken

74%29%20%7b%0a%20%20%20%20%20%20%20%20%6e%65%77%57%65%62%53%6f%63%6b%65%74%2e%73%65%6e%64%28%22%52%45%41%

Lab: Information disclosure in version control history

Ожидание ответа… 200 OK Длина: 41 Сохранение в: «acd91f731e5e7ac4c0f863ff007d0080.web-security-academy.net … ============================================================================================>] 41 … acd91f731e5e7ac4c0f863ff007d0080.web-security-academy.net/.git/objects/21/d23f13ce6c704b81857379a3e247e3436f4b26» сохранён [41 … /41] --2022-02-10 17:19:59-- https://acd91f731e5e7ac4c0f863ff007d0080.web-security-academy.net/.git

HTTP request sent, awaiting response... 200 OK Length: 41 Saving to: ‘ac611fc21f25b7ecc06c1c88007c0047 … d23f13ce6c704b81857379a3e247e3436f4b26’ ac611fc21f25b7ecc06c1c 100%[============================>] 41 … ac611fc21f25b7ecc06c1c88007c0047.web-security-academy.net/.git/objects/21/d23f13ce6c704b81857379a3e247e3436f4b26’ saved [41 … /41] --2022-02-20 08:14:00-- https://ac611fc21f25b7ecc06c1c88007c0047.web-security-academy.net/.git

HTTP request sent, awaiting response... 200 OK Length: 41 Saving to: ‘ac611fc21f25b7ecc06c1c88007c0047 … d23f13ce6c704b81857379a3e247e3436f4b26’ ac611fc21f25b7ecc06c1c 100%[============================>] 41 … ac611fc21f25b7ecc06c1c88007c0047.web-security-academy.net/.git/objects/21/d23f13ce6c704b81857379a3e247e3436f4b26’ saved [41 … /41] --2022-02-20 08:14:00-- https://ac611fc21f25b7ecc06c1c88007c0047.web-security-academy.net/.git

Targeted web cache poisoning using an unknown header

postId=6"><img src="/image/blog/posts/41.jpg"></a> <h2>The Hating Dating App

Issue with Lab: Web shell upload via path traversal

�A��Or}�sԌc������ſiR��rJ(��=�(��(�Si� z�R���(��(��(��(��*�����02Le���0�Tqߡ�=i�gs:�U ���f����