Burp Suite User Forum

Login to post

Exploiting HTTP request smuggling to capture other users' requests

Rajathi | Last updated: Mar 12, 2021 04:34AM UTC

Hi, I am doing the portswigger lab exercises,one of the lab is unable to solve. i follow all the steps as given in the solution. i can reach all the steps but the lab is not solved.If anybody aware of this lab, please advise on this. The lab link is given below. https://portswigger.net/web-security/request-smuggling/exploiting/lab-capture-other-users-requests Thanks

Rajathi | Last updated: Mar 12, 2021 11:37AM UTC

Hi, can i have any solution for the above mentioned lab. Thanks

Michelle, PortSwigger Agent | Last updated: Mar 12, 2021 11:58AM UTC

Thanks for your message. You might find this video from one of our other users helpful, it goes through the various steps to complete the lab: https://www.youtube.com/watch?v=v0jWcPEjNXI Have another try and see how you get on. Good luck :-)

Rajathi | Last updated: Mar 12, 2021 03:32PM UTC

Hai Michelle, Thanks for the reply. I watch the video already, it shows the different cookie session in that lab. https://portswigger.net/web-security/request-smuggling/exploiting/lab-capture-other-users-requests in this lab it shows the same cookie in all the proxy url. Looking forward your solution. Thank you so much.

Rajathi | Last updated: Mar 13, 2021 11:15AM UTC

Hi, Any solution for this issue. Thanks.

Michelle, PortSwigger Agent | Last updated: Mar 15, 2021 10:27AM UTC

Hi Do you see the comments on the blog post showing another user's request?

Michael | Last updated: Aug 05, 2021 05:53AM UTC

I'm experiencing the same issue. Always getting the same cookie as the one used on smuggled request on stored requests. When I try to use it in login post, always responds as NOT SOLVED.

Michelle, PortSwigger Agent | Last updated: Aug 05, 2021 07:35AM UTC

Thanks for your message. Can you tell us a bit more about the steps you have taken to get to this point, please? Do you see a blog post with a comment including a user's request? If you follow along with the community video solution, does that help? This is a lab where you might need to repeat the attack a few times before it's successful as the target user only browses the website intermittently, if you repeat the test a few more times, do you see anything different?

Bryan | Last updated: Sep 13, 2021 06:41AM UTC

I am also having the same issue. The cookie returned is the same as the one submitted in the smuggled request. I've tried doing multiple times already, in a span of 3 days. Content-Length is capped at 808, with the end of the cookie returned in the comments section as "Connection: close". Is this a glitch on the lab itself? Or is there a workaround for it?

Michelle, PortSwigger Agent | Last updated: Sep 13, 2021 01:50PM UTC

Thanks for your message. The victim doesn't visit the page constantly so you might need to send the request a few times before you get a result other than seeing your own cookie. We have tested the lab and we can see blog posts that show the victim's cookie but we did have to send the requests a few times. I'd also maybe suggest using a slightly shorter content-length, maybe start at around 700 and slowly increase from there. Good luck, don't give up, you will crack it :-)

You need to Log in to post a reply. Or register here, for free.