Burp Suite User Forum


Burp proxy breaks public exploits for CVE-2023-46747

Joel | Last updated: Nov 09, 2023 06:39PM UTC

See the following issue report on one such exploit that Burp breaks: https://github.com/W01fh4cker/CVE-2023-46747-RCE/issues/3

Basically, the exploit relies on using the 'Transfer-Encoding: chunked, chunked' header with a somewhat improbable message body that specifies the full data is sent in the packet rather than breaking it up. When the exploit is executed without using the Burp proxy, it works just fine, but when it is passed through Burp, Burp removes the 'Transfer-Encoding: chunked, chunked' header and adds a 'Content-Length: 516' as if Burp is interpreting and "correcting" the crafted packet, which causes the exploit to fail.

Hannah, PortSwigger Agent | Last updated: Nov 10, 2023 12:46PM UTC

Hi,

To clarify, in this instance, you are executing your HTTP request from a script that is being proxied through Burp? Are you using Intercept to edit this message at all when it passes through Burp, or are you simply using Burp to log the traffic?

Joel | Last updated: Nov 10, 2023 09:22PM UTC

I am simply passing my traffic through Burp, not using intercept, not modifying anything. I've confirmed that Burp breaks both the exploit already mentioned as well as the nuclei template (see https://github.com/projectdiscovery/nuclei-templates/issues/8590). This is in the latest public release, v2023.10.3.4.

Hannah, PortSwigger Agent | Last updated: Nov 13, 2023 04:58PM UTC

Thanks for that information! We'll look at replicating this behavior and, where appropriate, raise a bug report.
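
An added example, not part of the thread and not code from PortSwigger or the linked projects: a small Python check that summarises the body-framing headers of a raw HTTP/1.1 request, flags framing a sender is not allowed to produce under RFC 9112, and diffs a request as sent against the same request as it arrived upstream, which is how the re-framing described in this thread can be confirmed from two captures. The request heads, host and path are constructed placeholders; only the `Transfer-Encoding: chunked, chunked` and `Content-Length: 516` values come from the thread.

```python
# Added example. SENT and FORWARDED are constructed request heads, not captured traffic;
# the host and path are placeholders. Only the framing headers mirror the thread.
SENT = (b"POST /example HTTP/1.1\r\nHost: app.example.test\r\n"
        b"Transfer-Encoding: chunked, chunked\r\n\r\n")
FORWARDED = (b"POST /example HTTP/1.1\r\nHost: app.example.test\r\n"
             b"Content-Length: 516\r\n\r\n")

def parse_head(raw: bytes) -> list:
    """Return lower-cased (name, value) header pairs from a raw HTTP/1.1 request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def framing(raw: bytes) -> dict:
    """Summarise the headers that decide where the message body ends."""
    headers = parse_head(raw)
    codings = [c.strip().lower() for n, v in headers if n == "transfer-encoding"
               for c in v.split(",") if c.strip()]
    lengths = [v for n, v in headers if n == "content-length"]
    return {"transfer_codings": codings, "content_length": lengths}

def framing_findings(raw: bytes) -> list:
    """Flag framing that RFC 9112 section 6 forbids a sender to produce."""
    f, out = framing(raw), []
    codings, lengths = f["transfer_codings"], f["content_length"]
    if codings.count("chunked") > 1:
        out.append("chunked listed more than once")
    if codings and codings[-1] != "chunked":
        out.append("final transfer coding is not chunked")
    if codings and lengths:
        out.append("both Transfer-Encoding and Content-Length present")
    if len(set(lengths)) > 1:
        out.append("conflicting Content-Length values")
    return out

def framing_diff(sent: bytes, forwarded: bytes) -> list:
    """List framing fields that differ between what was sent and what arrived."""
    a, b = framing(sent), framing(forwarded)
    return [f"{k}: {a[k]} -> {b[k]}" for k in a if a[k] != b[k]]

if __name__ == "__main__":
    print(framing_findings(SENT))
    print(framing_diff(SENT, FORWARDED))
```

Run against proxy or web-server logs that keep raw request heads, `framing_findings` also works as a detection for requests carrying repeated `chunked` codings.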
