Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Cache Poisoning Labs

Ethan | Last updated: May 09, 2023 08:45PM UTC

I have been experiencing issues with the web cache poisoning labs the last couple days where the labs are not caching the HTTP responses at all. No matter how many times I resend the same basic requests (e.g. GET /), I always see "X-Cache: miss" in the response headers. The labs in which I have recently experienced this are "Web cache poisoning via ambiguous requests" and "Web cache poisoning with multiple headers".

Ben, PortSwigger Agent | Last updated: May 10, 2023 10:15AM UTC

Hi Ethan, Do you have any extensions running when you are attempting these labs?

Ethan | Last updated: May 10, 2023 03:04PM UTC

Yes! JS Miner, Java Deserialization Scanner, Param Miner, Active Scan++, Backslash powered scanner, Content Type Converter, Freddy, HTTP Request Smuggler, JWT Editor, Hackvertor, ViewState Editor. I will go try it again though with no extensions and see if that makes a difference.

Ethan | Last updated: May 10, 2023 03:10PM UTC

Update: Unloading the extensions fixed the issue. Is one of those extensions known to modify outgoing requests sent from repeater?

Ethan | Last updated: May 10, 2023 03:22PM UTC

Update: Param Miner is the culprit, and another user has also brought this up in a different thread.

Ben, PortSwigger Agent | Last updated: May 11, 2023 08:33AM UTC

Hi Ethan, Thank you for the confirmation!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.