The Burp Suite User Forum was discontinued on the 1st November 2024.

Cache Poisoning - Unkeyed Header and Unkeyed Cookie Labs Not Working?

Mauro | Last updated: Jul 01, 2024 03:59PM UTC

I solved both labs since I can trigger the corresponding alerts after requesting the main homepage address from my browser, but the Not Solved label never changes to Solved. Are there any issues related to the user who is supposedly periodically visiting the / webpage? Are there any recent solutions for those two labs? Thanks!

Ben, PortSwigger Agent | Last updated: Jul 02, 2024 07:29AM UTC

Hi Mauro, I have just run through the Unkeyed Header lab and was able to solve it using the written solution, so it does appear to be functioning as expected. I think it is fair to say that these types of lab rely a lot on timing and you may need to send your malicious request several times (in order to keep the cache poisoned) before the victim user does actually fall victim to this.

Mauro | Last updated: Jul 02, 2024 10:20AM UTC

Hello, thanks for the reply Ben! But, I am solving the labs, now even closely following the detailed steps in the solution and the same happens: on my end, whenever I request /, I get the alerts triggered for both labs. But the Not Solved is not changing to Solved. I kept poisoning the cache for almost 5 minutes, non-stop, and still nothing. Are you sure everything is OK on your end? Are those labs being solved lately by an average number of users? Thanks!

Ben, PortSwigger Agent | Last updated: Jul 02, 2024 10:33AM UTC