Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Exploiting HTTP request smuggling to perform web cache deception NOT WORKING

kairosdev | Last updated: Sep 09, 2021 07:08PM UTC

I'm trying to solve this challenge with no success. I've typed this code on "Repeater" and send it innumerable times but I can't get a 401 response. POST / HTTP/1.1 Host: ac921f9e1e43510980d00f8c0079000b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 42 Transfer-Encoding: chunked 0 GET /my-account HTTP/1.1 X-Ignore: X Neither I can login as "carlos" and I had to login as "wiener".

Uthman, PortSwigger Agent | Last updated: Sep 10, 2021 04:05PM UTC

Have you tried waiting for the lab to reset before attempting to complete it again?

kairosdev | Last updated: Sep 10, 2021 05:40PM UTC

How long do I have to wait? How do I know it had been reseted?

kairosdev | Last updated: Sep 10, 2021 06:35PM UTC

No problem. I got the solution on this video https://www.youtube.com/watch?v=h2CUQ2wN9OA. If someone has the same problem, this video explain the easier way of doing it, even though you don't have to go back to your Proxy History to see the API Key. You can see it on the "Repeater" response.

Uthman, PortSwigger Agent | Last updated: Sep 13, 2021 08:10AM UTC