Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Cache poison labs - Responses not caching

Jason | Last updated: Apr 04, 2020 01:12AM UTC

Hello, I've been using the labs to practice cache poisoning. So far I've completed some of them, but since I tried the one that explotes DOM-based vulnerability, my requests made on burpsuite never receive a "X-Cache: hit" response, even if set-cookie headers are not present in response. What can be doing this?

Uthman, PortSwigger Agent | Last updated: Apr 06, 2020 07:03AM UTC

Hi Jason, Have you tried the official solution in the lab? Do you have any extensions enabled (such as Param Miner) that may be affecting the cache?

Jason | Last updated: Apr 06, 2020 07:42AM UTC

I did have Param Miner enabled, since it's needed to demonstrate some stuff in solutions. I had no idea that could interfere in the caching process, I unloaded it and inmediately worked! Thank you!

Jason | Last updated: Apr 06, 2020 07:42AM UTC

I did have Param Miner enabled, since it's needed to demonstrate some stuff in solutions. I had no idea that could interfere in the caching process, I unloaded it and inmediately worked! Thank you!

Uthman, PortSwigger Agent | Last updated: Apr 06, 2020 07:46AM UTC

You are welcome! I am glad the lab is working now. If the following parameters are set to True (i.e. enabled) in Param Miner, then it could affect the completion of the lab: try cache poison:, Add 'fcbz' cachebuster:, Add dynamic cachebuster:

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.