Burp Suite User Forum

Cache Control - Lab Web cache poisoning with an unkeyed cookie

Isaac | Last updated: May 20, 2020 04:15PM UTC

I'm making a request to the lab mentioned above with machine windows 10 and burp v2020 does not return the page with cache, I did the test on a virtual machine linux with version 2.1 and it returns normally. I would like to know how I can solve this situation so that the burp understands that the next request will be cached. Below is an example.   Request GET / HTTP / 1.1 Host: ac411fe81e5a975980d80e6900fd00f0.web-security-academy.net User-Agent: Mozilla / 5.0 (X11; Linux x86_64; rv: 68.0) Gecko / 20100101 Firefox / 68.0 Accept: text / html, application / xhtml + xml, application / xml; q = 0.9, * / *; q = 0.8 Accept-Language: en-US, en; q = 0.5 Accept-Encoding: gzip, deflate Connection: close Cookie: session = 1uKFTBkY12h5jOXFRGX3BhXjduqPvxzB; fehost = prod-cache-01 Upgrade-Insecure-Requests: 1 answer HTTP / 1.1 200 OK Content-Type: text / html; charset = utf-8 Connection: close Cache-Control: max-age = 30 Age: 0 X-Cache: miss X-XSS-Protection: 0 Content-Length: 10498

Ben, PortSwigger Agent | Last updated: May 21, 2020 11:43AM UTC

Hi Isaac, Have you added a cache buster query parameter to your request?

You need to Log in to post a reply. Or register here, for free.