Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Can't get cached response in the training lab

Dave | Last updated: Apr 15, 2020 06:22PM UTC

Howdy - first, thanks for the excellent FREE training - it is really outstanding. I'm working through the "Web cache poisoning with an unkeyed header" lab. Step 6 says: "Replay the request and observe that the response contains the header X-Cache: hit. This tells us that the response came from the cache." I'm replaying the GET request for the home page with (and without!) the cache-buster, but can't seem to get a cached response (X-Cache: hit) no matter how many times I send the request. I've watched this solutions video (https://www.youtube.com/watch?v=ZsrCoheszzo) for a somewhat older lab to understand the expected behavior, but can't get a cached response. I'm running Burp Suite Pro v2020.2.1 Build 1699 on Windows 10. Thanks for any direction.

Hannah, PortSwigger Agent | Last updated: Apr 16, 2020 07:09AM UTC

Do you have the param-miner extension installed? If so, can you please check that you haven't enabled "add dynamic cachebuster" or "add 'fcbz' cachebuster".

Dave | Last updated: Apr 16, 2020 06:52PM UTC

Well, yep, that fixed it - thanks! But I don't understand why that would change the response - can you explain it? Thanks again.

Hannah, PortSwigger Agent | Last updated: Apr 17, 2020 06:44AM UTC