Problem with "Lab: HTTP request smuggling, basic CL.TE vulnerability"

oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded … Content-Length: 13 tRANSFER-ENCODING: chunked 3 x=y 0 ================================== … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded … Content-Length: 19 tRANSFER-ENCODING: chunked 3 x=y 1 Z Q ============================ … Content-Length: 13 tRANSFER-ENCODING: chunked 3 x=y 1 Z Q ============================

Error In php Code

id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y= … Signature does not match session in Command line code:7 Stack trace: #0 {main} thrown in /var/www

id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y= … Signature does not match session in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Lab - Modifying serialized objects login fuction not working properly?

PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1 And I am unable to log in, therefore no request … =1.1 id=Layer_1 xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x=0px y= … is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php&apos;) in /var/www/index.php on line 1</p> </div> </section

burp crashes without any error on active scan

--------------- S Y S T E M --------------- OS: Windows Server 2019 , 64 bit Build 17763 (10.0.17763.3287

Extension-based active scans not running when Cookies contain too many insertion points (?)

Now run: ``` curl -i https://www.google.com/do/not/try -H 'Cookie: x=y=0&x=y&x=y&x=y&x=y&x=y&x=y& … x=y&x=y&x=false; foobar=eyJvcHRPdXQiOmZhbHNlLCJzZXNzaW9uSWQiOm51bGwsImxhc3RFdmVudFRpbWUiOm51bGwsImV2ZW50SWQiOjAsImlkZW50aWZ5SWQiOjAsInNlcXVlbmNlTnVtYmVyIjowfQ … additional requests Now run the following (this only differs by one character, x=y10 instead of x=y= … 0): ``` curl -i https://www.google.com/do/not/try -H 'Cookie: x=y10&x=y&x=y&x=y&x=y&x=y&x=y&x=y&x=y

In both cases, the "x=y=0" request resulted in additional insertion points and more requests sent.

Exploiting PHP deserialization with a pre-built gadget chain payload

id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y= … Signature does not match session in Command line code:7 Stack trace: #0 {main} thrown in /var/www

burpsuite issues over VNC connection

kali:latest ARG KALI_DESKTOP=xfce RUN apt update && DEBIAN_FRONTEND='noninteractive' apt install -y … kali-desktop-xfce \ kali-tools-top10 \ && DEBIAN_FRONTEND='noninteractive' apt-get purge -y … pm-utils xscreensaver* ENV DISPLAY :1 ENV KALI_DESKTOP ${KALI_DESKTOP} RUN apt-get install -y

Highlighting in IMessageEditor

Area * IMessageEditor res: Response Text Area * String text: Selected line to highlight * Int x,y, … public Graphics highlight(Graphics g, IMessageEditor req, IMessageEditor res, String text, int x, int y, … ln.getAscent() + ln.getDescent()); int x1 = x + (width - textWidth)/2; int y1 = (int)(y … gr.setColor(Color.YELLOW); gr.setBackground(Color.YELLOW); gr.fillRect(x, y,

Issue with Lab: Web shell upload via path traversal

Z���ƥzT��$�Yz��Y���������g����ʻ-?�<��KH��y˱o�M����[m݅Q@$A �Ab+�ҵwvKk��7���? … L�Z��,5 :c�����H��SЏ��������p5���s����T�y�?J�5���q>y���&�G^�.tіpFg���}�? … ��$ti;�åeQ�s�y'֊��VG�X���U�Y�Š(�0 (�� ��/�Yo�:������k��p:�����j�|,��5�F0�ѹ�. … Sܱi-���EKo�2�(Y��
��� ������ޢ�r[w�Y�!M_���u�f��O21讆? … CU��Y�bb��k�,��W����?

Burp Intruder cluster bomb payload set reused

For example, if the cluster bomb would give P1=X, P2=Y, P3=Z for one iteration, I would like to send: … param1 = X-Y-Z param2 = X-Y-Z Thank you for your help

HTTP Headers line folding seems to break Hackvertor tags

following request, everything will work normally: TRACE / HTTP/2 Host: foo.com User-Agent: foobar X: Y … ... then the TRACE request reflected back] TRACE / HTTP/2 Host: foo.com User-Agent: foobar X: Y

Burpsuite Enterprise uninstall script?

Yes [y, Enter], No [n] Choose whether to delete the data directory (/var/lib/BurpSuiteEnterpriseEdition … Yes [y], No [n, Enter] Choose whether to delete the logs directory (/var/log/BurpSuiteEnterpriseEdition … Yes [y], No [n, Enter] Choose whether to delete the database backups directory (/var/lib/BurpSuiteEnterpriseEdition … Yes [y], No [n, Enter] ``` To run the installer silently you can use the ```-q``` switch.

Lab: Username enumeration via response timing - ("X-Forwarded-For:" not working)

Origin: https://ac921f4f1ec67a2fc05d23890023008c.web-security-academy.net Content-Type: application/x-www-form-urlencoded … =1.1 id=Layer_1 xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x=0px y=

websocket history garbled text

I was able to copy As follows ��search__users��Y,!t@�TESS(� please treat me favorably

Burp Infiltrator Patching Fails On Webgoat 6.0.1

[y/N] Y Do you want Burp Infiltrator to report the full parameter value when input reaches a potentially … [Y/n] [5.236s][info][class,load] java.util.IdentityHashMap$IdentityHashMapIterator source: jrt:/java.base … [Y/n] Do you want to allow communication over unencrypted HTTP? … [y/N] Do you want to restrict the Burp Collaborator servers that can be used? … [y/N] Enter the file path to the target application bytecode.

HTTP Request Smuggling

responses" is given as "POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … server was given as "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … should be like this: "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Content-Length: 146 x=POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Hide from view based on MIME type

web server where certain categories of files (images, css) were having a filename of the format "_x-y" … with no extension, where x and y is a alphanumeric value of a varying length of characters, eg _0a1b2c4d5e-f6g7h8i9j

Exploiting clickjacking vulnerability to trigger DOM-based XSS

return [left,top]; }function generateClickArea(pos) { var elementWidth, elementHeight, x, y, … window.clickbandit.elementHeight = elementHeight; x = window.clickbandit.config.clickTracking[pos].left; y … btn.offsetWidth, h = btn.offsetHeight, container = document.getElementById('container'), x = btn.offsetLeft, y … = btn.offsetTop; container.style.overflow = 'hidden'; container.style.clip = 'rect('+y+'px, ' … +(x+w)+'px, '+(y+h)+'px, '+x+'px)'; container.style.clipPath = 'inset('+y+'px '+(x+w)+'px '+(y+h)

Lab: Exploiting clickjacking vulnerability to trigger DOM-based XSS does not work correctly

return [left,top]; }function generateClickArea(pos) { var elementWidth, elementHeight, x, y, … window.clickbandit.elementHeight = elementHeight; x = window.clickbandit.config.clickTracking[pos].left; y … btn.offsetWidth, h = btn.offsetHeight, container = document.getElementById('container'), x = btn.offsetLeft, y … = btn.offsetTop; container.style.overflow = 'hidden'; container.style.clip = 'rect('+y+'px, ' … +(x+w)+'px, '+(y+h)+'px, '+x+'px)'; container.style.clipPath = 'inset('+y+'px '+(x+w)+'px '+(y+h)

viewing and modifying spider queues

There are x number of requests queued in Spider and y number of forms queued.

Lab Login Not Working

HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Exploiting PHP deserialization with a pre-built gadget chain - getting error

Symfony Version: 4.3.6 PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Thanks

HTTP request smuggling, obfuscating the TE header

POST / HTTP/1.1 Host: my host.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Not possible to disable "Update Content-Length"

HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, basic TE.CL vulnerability

i sent: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP Request Smuggler: Error in thread: Can't find the header: Connection. See error pane for stack trace.

Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close Content-Type: application/x-www-form-urlencoded … Content-Length: 13 tRANSFER-ENCODING: chunked 3 x=y 1 Z Q And the response was: HTTP/1.1

Lab: Modifying serialized data types - Debug dumps tokens

p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 71 POST /admin HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded

HTTP Request Smuggling

portwigger: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Unable to login to the labs with the given credentials

de wiener/peter testeando la aplicación para saber que pasaba, luego de eso intenté iniciar sesión y … username or invalid password", a lo cual yo dijé "logico, borré la cuenta", pero si borro el historial y

vulnerable yes or no

POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1 Host: www.---------.com Origin: http://example.com … : */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded … Content-Length: 1410 Origin: https://www.--------.com Connection: close Referer: https://www.realself.com

ERROR installing Burp Suite Community 2022 in Kali Linux 2022

this: sudo apt update && apt upgrade sudo apt dist-upgrade then type in terminal: burpsuite y

ca certificate

The URL is http://burp/ - there's no www.

PHP deserialization: Signature does not match

receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2

Lab 1 Directory traversal(File path traversal, simple case)

3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www … /image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal

LAB: Exploiting HTTP request smuggling to reveal front-end request rewriting

HTTP/1.1 Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net Content-Type: application/x-www-form-urlencoded … username=carlos HTTP/1.1 X-ayZFvQ-Ip: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length

Bug in Lab

error Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4

Lab: Modifying serialized data types

Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

74%39 Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 ??

this error: Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 Then, what I did is:

Modifying serialized objects" PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 echo "O:4:"User":2

Lab: HTTP request smuggling, basic TE.CL vulnerability

provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Password reset poisoning Lab issue

Y me sucede lo mismo que Marc: Algo anda mal con este laboratorio. … Todo lo que ve el registro de acceso es acceso interno al acceder al correo electrónico y al registro

HTTP request

POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Help required for exporting certificate

���0��0U% 0 +0 U�00U�y�<���pT���YK … ���0��0U% 0 +0 U�00U�y�<���pT���YK … ���0��0U% 0 +0 U�00U�y�<���pT���YK … ���0��0U% 0 +0 U�00U�y�<���pT���YK … ���0��0U% 0 +0 U�00U�y�<���pT���YK

Lab: Arbitrary object injection in PHP

burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5

Lab Not Working Properly

HTTP/1.1 Host: ac821ff91fa6a6ac80911ed1005d00ec.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 1.1 Host: aca71f681fe0a61c80c01e0d01930066.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acaf1f911ef7cfe6801f0c0400ef00b5.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ace11f511e3acff980030cc4010500fe.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: ac7a1f911ef7995e80d3ec5300020083.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-acab1f4f1e8899f38092ec9101ef005c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to perform web cache poisoning - Not getting results.

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic TE.CL vulnerability

Please see below: POST / HTTP/1.1 Host: <lab-ID>.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a4200c60375b196c058f06300d100b9.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, obfuscating the TE header

response when i sent this request POST / HTTP/1.1 Host: my lab id Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Missing parameter in HTTP Smuggling request lab

HTTP/1.1 Host: 0a3a008503e2d7a7c03e1b91006c0030.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab Not Responding

HTTP/1.1 Host: ac6d1fc91e74b3a4808926fc009c005a.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to capture other users' requests

the lab POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to capture other users' requests-- not solving

HTTP/1.1 Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 277 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Issue with simulated victim user in Lab: Internal cache poisoning

However since the simulated user and the exploit server are probably on the same network the "www" part … Removing the "www" part did the trick. Thx for your concern.

HTTP request smuggling, basic TE.CL vulnerability Lab Queries.

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36 Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Connection: keep-alive 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Concealed Sequences

án6 %¦Y However, on my machine - Appears to be quite similar, however some subtle differences -

Sort entries in the site map by domain components before hostname

com.host1.www com.host1.www1 com.net2.www even though the hostnames are actually displayed as expected

LAB: Exploiting HTTP request smuggling to perform web cache poisoning

I'll past the request: POST / HTTP/1.1 Host: victimhost Content-Type: application/x-www-form-urlencoded … postId=1 HTTP/1.1 Host: exploitserver Content-Type: application/x-www-form-urlencoded Content-Length

No se puede validar la licencia

Luego de este error se ingresa a la cuenta se descarga la licencia y vuelve a salir dicho error.

Different URLs in Target: Request, Raw and Site map URL

Here is what is shown in the Site map window right above (list of all URLs): https://www. … id=WEB87431-20150616190 HTTP/1.1 Same with: https://www._something_ com/ - GET - /bp_chart.php?

"MS Gothic" font is missing

The install command is following: $ sudo apt-get -y install fonts-ipafont (Verified on Kali Linux 2023.4

Lab Issues: Exploiting HTTP request smuggling to deliver reflected XSS

Exploit: ``` POST / HTTP/1.1 Host: my-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … postId=5 HTTP/1.1 User-Agent: a"/><script>alert(1)</script> Content-Type: application/x-www-form-urlencoded

HTTP smuggling

vulnerabilities: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Request Smuggling - Lab does not work

0a5900b7040dfb4fc1db8f1c005d0093.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded … HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Web Security Academy Labs

to the 'Level progress' section of the Dashboard, which will record your progress in terms of 'X of Y'

Exploiting HTTP request smuggling to capture other users' requests

acc91f4d1faf6485c0b70322000b009b.web-security-academy.net Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU Content-Type: application/x-www-form-urlencoded … Transfer-encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Length: 600 Content-Type: application/x-www-form-urlencoded

Docker for Burp Pro

Hi, I would like to know if there would be problems with the license of burp suite PRO y I have one

Academy Leaning Material minor mistake on "Finding HTTP request smuggling vulnerabilities" page.

reads as below: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

having Difficulties in solving lab

binario, tambien el comando update-alternatives, en la terminal me devuelve bien el objeto serializado y

An incorrect example in the "Exploiting HTTP request smuggling" section on the Web Security Academy.

Transfer-Encoding: chunked 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … supposed to be: 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

invisible proxy

Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux":https://www

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 60 POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded … POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters) Content-Type: application/x-www-form-urlencoded

Mistake in Advanced Scope Control documentation

x=y"

Burp scanner ignores scan configuration exclusion lists

/my_profile;jsessionid=560423289919l0e2g6f88f71qjg4xp1z2uwc408389.5604232899 HTTP/1.1 Host: www..... … Connection: close Content-Length: 3002 X-Single-Page-Navigation: true Origin: https://www.....

use burp suite

https://www.?elp.com

No se puede validar la licencia

Luego de este error se ingresa a la cuenta se descarga la licencia y vuelve a salir dicho error.

Broken chunked-encoding

like Gecko) Chrome/88.0.4324.150 Safari/537.36 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded … keep-alive 96 GET /404 HTTP/1.1 X: x=1&q=smugging&x= Host: example.com Content-Type: application/x-www-form-urlencoded

Having issue signing into the "Basic Clickjacking with CSRF token protection" lab

already did all the adjusts and I tried to submit the solution in different browsers (Firefox, Edge y

Scan authenticate

hello, I would like to carry out an authenticated scan on the domain Y but to access this domain I must

problem with sqli

%Y %H:%i:%s') as FULL_DATE_CHANGE ,DATE_FORMAT(sc.DATE_CHANGE, '%d.%m. … %Y') as DATE_CHANGE ,sc.USER_ID ,scsite.URL as SITE_URL ,scsite.SITE_ID ,stt.RANK as `RANK`

Lab: Exploiting HTTP request smuggling to capture other users' requests

HTTP/1.1 Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Content-Length: 251 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Modifying serialized objects

this - Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4.

BCheck SQLi bypass autentication

: 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded … : 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded

Incorrect Issue Type/Advisory Finding & Remediation

As such, it is recommended to set the header as X-XSS-Protection: 0" Reference https://owasp.org/www-project-secure-headers

why there is an empty line after Content-Length header in http smuggle attacks?

for example : POST /search HTTP/1.1 Host: normal-website.com Content-Type: application/x-www-form-urlencoded

Burp Scaner with form credentials

The Content-Type is: application/x-www-form-urlencoded

Scans not completing

2021-12-16 17:54:42 [r] INFO - Detail: {"method":"Fetch.req - 0063\u0007Un^f\u00164\\C\uda62 >>> Y … <<< >z,a&S}\u0 2021-12-16 17:54:42 [r] INFO - net.portswigger.fe: Expected '\' but got 'Y' at [line

Burp with Jenkin

(y/n)". Kindly help.

Advanced Target Scope - Load File

.*\.example\.com\/* test\.net\/path\/here\/* www\.test\.net\/* -----------

Send to repeater failing

with left click, right click send to repeater, POST request this time, redacted below: POST /w/x/1/y-z

Proxy connection closed

7f2f9e055a74df967116223c431c9ffc=qub7j1cc8bi084gvtd3p2b1q84 Connection: close Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic CL.TE vulnerability

HTTP/1.1 Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net Content-Type: application/x-www-form-urlencoded

How to activate burp pro license for Service account user?

Put the following into a .txt file: y LICENSE-KEY-PASTED-HERE o 4.

Username enumeration via response timing

0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded … 0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded

Lab: CSRF where token is not tied to user session

https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded

Upload File to Burp Collaborator

Hi, It looks like you are trying to achieve what is described in the articles below: - https://www

HTTP request Smuggling CL.TE LAB

HTTP/1.1 Host: 0a120052048d10f0c0b07c7700c300bb.web-security-academy.net Content-Type: application/x-www-form-urlencoded

solution : POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded

how do we calculate value for tranfer encoding??

username=carlos HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Content-Length

Lab: CL-TE request smuggling lab is not working with the official solution

HTTP/2 Host: 0a6f004904bb0b7282f5067100c70057.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Scanner "X-Forwarded-For dependent response" check alters Content-Type?

Accept-Encoding: gzip, deflate X-CSRFToken: I7qjj8Iz3XwEEwu2gL4ZcePHMdNjOUD6 Content-Type: application/x-www-form-urlencoded … Connection: close X-Forwarded-For: 127.0.0.1 Notice the change to "Content-Type: application/x-www-form-urlencoded

Lab: CL-TE request smuggling lab is not working with the official solution.

0ac000af04eed935c3233d650017001f.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded