The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Host validation bypass via connection state attack

Tubasatan | Last updated: Jun 01, 2023 10:40AM UTC

When trying to solve the lab, instead of getting redirected back to the home page I get a 403 Forbidden. I've followed the written guide and step 3 does not behave as expected.

Ben, PortSwigger Agent | Last updated: Jun 01, 2023 10:54AM UTC

Hi,

Are you able to provide us with a screenshot of what your request looks like within Burp so that we can take a look at this for you? If it is easier to provide your screenshot via email (you cannot provide attachments on the forum) then please feel free to email us at support@portswigger.net and we can take a look from there.

Tubasatan | Last updated: Jun 01, 2023 11:50AM UTC

https://imgur.com/a/cEOiOeF

Ben, PortSwigger Agent | Last updated: Jun 01, 2023 12:49PM UTC

Hi,

It does not look like the request you are manipulating has a session cookie. If you navigate to the home page in your lab instance and then click the 'Home' link this should generate a new request with a couple of cookies within it. If you then use this request going forward, does this then allow you to carry out step 3 successfully?

Tubasatan | Last updated: Jun 02, 2023 07:16AM UTC

That was it. Thanks! ^_^

Vankog | Last updated: Nov 07, 2023 11:54AM UTC