Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Can't solve web cache poisoning with an unkeyed header

wintergiraffe | Last updated: Jan 31, 2023 12:05PM UTC

It appears that there is no simulated user to view the poisoned JS file and get an alert() no matter how often the cache is poisoned. This means it doesn't seem possible to solve this. Is the simulated user visiting the page periodically?

wintergiraffe | Last updated: Jan 31, 2023 12:28PM UTC

I also have the same issue on: "Targeted web cache poisoning using an unknown header" even with the correct User-Agent and cache poisoned.

Ben, PortSwigger Agent | Last updated: Jan 31, 2023 05:31PM UTC

Hi both, I have just run through this lab and been able to solve it using the solution provided so the lab does appear to be working as expected. If it helps, the request I am sending, alongside the exploit server configuration, are shown in the screenshot below: https://snipboard.io/Ljx6n8.jpg Are either of you able to provide some specific details (step by step would be useful) with regards to how you are attempting to solve the lab?

wintergiraffe | Last updated: Feb 05, 2023 07:23PM UTC

I have retried these labs multiple times but I can't get it be solved even when poisoning the cache. For some reason when I test the website in burps in built browser it shows the alert. However when I open the link in firefox and clear all browser caching it never sees the poisoned js file. I use linux mint. I followed all the lab solutions as-is so your screen shot is exactly what I'm trying to no avail.

Ben, PortSwigger Agent | Last updated: Feb 06, 2023 05:25PM UTC

Hi, Do you have any extensions loaded that might be impacting on the requests that you are issuing?

wintergiraffe | Last updated: Feb 08, 2023 07:11PM UTC

I'm going to disable all extensions and try it again ASAP cheers. At the time I would have had Param Miner & HTTP Request Smuggler loaded.

wintergiraffe | Last updated: Feb 25, 2023 08:24PM UTC

Having disabled some extensions and re-tried it tonight I have solved the lab and it obviously appears to be working. I'm really not sure what I was doing differently last time because I did exactly the same thing again. I didn't provide a cache buster url this time and poisoned the website directly but I don't think that has anything to do with the issue I had previously. Please close off this ticket.

Ben, PortSwigger Agent | Last updated: Feb 27, 2023 09:34AM UTC

Hi, I would suspect that the Param Miner extension might have been impacting the requests that you were sending but glad to hear that you can now solve these labs.

You need to Log in to post a reply. Or register here, for free.