Burp Suite User Forum

Login to post

cache server

M'hirsi | Last updated: Oct 04, 2021 09:35PM UTC

Hello, Cache server don't reflect any hit messages, even when changing the headers as indicated by the lab solution I don't receive any hits, I think the bug is related to cache server. Thank you for fixing the problem. Kind regards, Roothem

Ben, PortSwigger Agent | Last updated: Oct 05, 2021 05:48PM UTC

Hi Roothem, Can you confirm the name of the lab that you are having issues with so that we can take a look for you?

M'hirsi | Last updated: Oct 06, 2021 09:40PM UTC

Hi Ben, Most of the labs under "web cache poisoning" attack where I list the following: - //web-security/websockets/cross-site-websocket-hijacking/lab - //web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-unkeyed-query - //web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-unkeyed-param - //web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-param-cloaking - //web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-fat-get - //web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-normalization - //web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-cache-key-injection - //web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-internal Thank you R

Ben, PortSwigger Agent | Last updated: Oct 07, 2021 07:19AM UTC

Hi Roothem, I have just run through the 'Web cache poisoning via an unkeyed query string' lab and was able to solve this using the solution provided. If this is not working for you are you able to provide us with some details of the steps that you are taking to try and solve the lab? In addition, have you seen the video solutions that some of our users made for the labs? The video solution (created by Michael Sommer) for the 'Web cache poisoning via an unkeyed query string' lab is below: https://www.youtube.com/watch?v=P6uykUC174Q

M'hirsi | Last updated: Oct 07, 2021 11:25PM UTC

Hello again, I installed again burp suite and I am able to solve the lab, burp was adding a random string to my cache buster which is reflected in the response. Thank you for your time, RT

You need to Log in to post a reply. Or register here, for free.