Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Authentication bypass via encryption oracle

kairosdev | Last updated: Jan 10, 2022 06:33PM UTC

I'm stuck in "Re-encode the data and copy the result into the notification cookie of the decrypt request. When you send the request, observe that an error message indicates that a block-based encryption algorithm is used" according to Portswigger Solution. I've tried several times and I always got a "HTTP/1.1 200 OK" response. I've already deleted the 23 hex bytes but I can't get the error.

Michelle, PortSwigger Agent | Last updated: Jan 11, 2022 08:38AM UTC

Thanks for getting in touch. We've been able to replicate your issue and we're currently looking into this. We'll be in touch with an update soon.

Bin | Last updated: Jan 16, 2022 08:09PM UTC

I am getting the same issue, refers to: Re-encode the data and copy the result into the notification cookie of the decrypt request. When you send the request, observe that an error message indicates that a block-based encryption algorithm is used and that the input length must be a multiple of 16. You need to pad the "Invalid email address: " prefix with enough bytes so that the number of bytes you will remove is a multiple of 16. Let us know when you have resolved the issue. This is the last step in the Lab. Thanks

Michelle, PortSwigger Agent | Last updated: Jan 17, 2022 08:28AM UTC

Thanks for getting in touch to raise this with us, we are aware of this error and we are working on a fix for it. We'll post back here when the fix is released.

Michelle, PortSwigger Agent | Last updated: Jan 28, 2022 11:01AM UTC

Hi both We have fixed the issues in this lab so you should now see the error message mentioned in step 9.

kairosdev | Last updated: Feb 07, 2022 08:39PM UTC