The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Cache Poisoning Labs

Ethan | Last updated: May 09, 2023 08:45PM UTC

I have been experiencing issues with the web cache poisoning labs the last couple days where the labs are not caching the HTTP responses at all. No matter how many times I resend the same basic requests (e.g. GET /), I always see "X-Cache: miss" in the response headers. The labs in which I have recently experienced this are "Web cache poisoning via ambiguous requests" and "Web cache poisoning with multiple headers".

Ben, PortSwigger Agent | Last updated: May 10, 2023 10:15AM UTC

Hi Ethan, Do you have any extensions running when you are attempting these labs?

Ethan | Last updated: May 10, 2023 03:04PM UTC

Yes! JS Miner, Java Deserialization Scanner, Param Miner, Active Scan++, Backslash powered scanner, Content Type Converter, Freddy, HTTP Request Smuggler, JWT Editor, Hackvertor, ViewState Editor. I will go try it again though with no extensions and see if that makes a difference.

Ethan | Last updated: May 10, 2023 03:10PM UTC

Update: Unloading the extensions fixed the issue. Is one of those extensions known to modify outgoing requests sent from repeater?

Ethan | Last updated: May 10, 2023 03:22PM UTC

Update: Param Miner is the culprit, and another user has also brought this up in a different thread.

Ben, PortSwigger Agent | Last updated: May 11, 2023 08:33AM UTC