The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Can't solve web cache poisoning with an unkeyed header

wintergiraffe | Last updated: Jan 31, 2023 12:05PM UTC

It appears that there is no simulated user to view the poisoned JS file and get an alert() no matter how often the cache is poisoned. This means it doesn't seem possible to solve this. Is the simulated user visiting the page periodically?

wintergiraffe | Last updated: Jan 31, 2023 12:28PM UTC

I also have the same issue on: "Targeted web cache poisoning using an unknown header" even with the correct User-Agent and cache poisoned.

Ben, PortSwigger Agent | Last updated: Jan 31, 2023 05:31PM UTC

Hi both, I have just run through this lab and been able to solve it using the solution provided so the lab does appear to be working as expected. If it helps, the request I am sending, alongside the exploit server configuration, are shown in the screenshot below: https://snipboard.io/Ljx6n8.jpg Are either of you able to provide some specific details (step by step would be useful) with regards to how you are attempting to solve the lab?

wintergiraffe | Last updated: Feb 05, 2023 07:23PM UTC

I have retried these labs multiple times but I can't get it to be solved even when poisoning the cache. For some reason when I test the website in Burp's inbuilt browser it shows the alert. However, when I open the link in Firefox and clear all browser caching it never sees the poisoned JS file. I use Linux Mint. I followed all the lab solutions as-is, so your screenshot is exactly what I'm trying, to no avail.

Ben, PortSwigger Agent | Last updated: Feb 06, 2023 05:25PM UTC

Hi, Do you have any extensions loaded that might be impacting on the requests that you are issuing?

wintergiraffe | Last updated: Feb 08, 2023 07:11PM UTC

I'm going to disable all extensions and try it again ASAP, cheers. At the time I would have had Param Miner & HTTP Request Smuggler loaded.

wintergiraffe | Last updated: Feb 25, 2023 08:24PM UTC

Having disabled some extensions and re-tried it tonight, I have solved the lab and it obviously appears to be working. I'm really not sure what I was doing differently last time because I did exactly the same thing again. I didn't provide a cache buster URL this time and poisoned the website directly, but I don't think that has anything to do with the issue I had previously. Please close off this ticket.

Ben, PortSwigger Agent | Last updated: Feb 27, 2023 09:34AM UTC

Hi, I would suspect that the Param Miner extension might have been impacting the requests that you were sending but glad to hear that you can now solve these labs.

Matteo | Last updated: Nov 14, 2023 02:06PM UTC

Hi, I'm also experiencing issues with this lab. Everything is working well but it doesn't become "solved". I can execute the XSS from another anonymous window and also from another browser, but the lab still remains unsolved. Here are my screenshots: https://ibb.co/DpgZVMC https://ibb.co/pLBPf5m Thanks

Ben, PortSwigger Agent | Last updated: Nov 15, 2023 11:37AM UTC

Hi Matteo, I have just run through this lab and been able to solve it using the solution provided so it does appear to be working as expected. There is a fair amount of timing involved in this lab so it is possible you need to resend the request a few times - are you consistently not able to solve this lab?

Matteo | Last updated: Nov 17, 2023 04:50PM UTC