Burp Suite User Forum


HTTP Request Smuggler: Error in thread: Can't find the header: Connection. See error pane for stack trace.

Jas | Last updated: Aug 30, 2021 11:37PM UTC

When using the HTTP Request Smuggler extension (updated 06 Aug 2021) in Burp Suite Professional (v2021.8.2) to "Smuggle Probe", the probing failed with the following error message:

    Queued 1 attacks from 1 requests in 0 seconds
    Unexpected report with response
    header locating fail: Connection
    'POST / HTTP/1.1
    [actual request omitted]
    '
    Error in thread: Can't find the header: Connection. See error pane for stack trace.

The stack trace is:

    java.lang.RuntimeException: Can't find the header: Connection
        at burp.Utilities.setHeader(Utilities.java:968)
        at burp.Utilities.setHeader(Utilities.java:948)
        at burp.SmuggleScanBox.leftAlive(SmuggleScanBox.java:127)
        at burp.ChunkContentScan.doConfiguredScan(ChunkContentScan.java:60)
        at burp.SmuggleScanBox.doScan(SmuggleScanBox.java:111)
        at burp.Scan.doScan(BulkScan.java:552)
        at burp.BulkScanItem.run(BulkScan.java:472)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
        at java.base/java.lang.Thread.run(Thread.java:832)

However, when I replayed the involved request, I could see the Connection header in the response. I repeated the probing a few times and always hit the same error. Did anyone experience the same error? Thanks!

Michelle, PortSwigger Agent | Last updated: Aug 31, 2021 11:23AM UTC

Thanks for your message. Were you working on one of the Web Security Labs when you encountered this problem? If so, which lab were you working on? What settings did you choose when using the HTTP Request Smuggler extension? Were any issues found and reported by the extension on Burp's Dashboard?

Jas | Last updated: Sep 03, 2021 12:08AM UTC

Thanks for your reply. No. This particular error is not for the lab. However, with a freshly installed Windows 10 Pro VM (with just Chrome and Firefox installed) + Burp Suite Professional (upgraded to v2021.8.2) + the HTTP Request Smuggler extension (version: updated 06 Aug 2021), when using the default configuration of the extension to run "Smuggle probe" against the "HTTP request smuggling, basic CL.TE vulnerability" lab (Endpoint: GET / HTTP/1.1), I got the following error in the output tab of the extension:

    Using albinowaxUtils v0.4
    Loaded HTTP Request Smuggler v2.0
    Updating active thread pool size to 8
    Loop 0
    Queued 1 attacks from 1 requests in 0 seconds
    TImeout with response. Start time: 1630650320861 Current time: 1630650332076 Difference: 11215 Tolerance: 10000
    Unexpected report with response
    Error in thread: Cannot invoke "String.length()" because "decoded" is null. See error pane for stack trace.

The stack trace under the Error tab of the extension is below:

    java.lang.NullPointerException: Cannot invoke "String.length()" because "decoded" is null
        at burp.ConfigurableSettings.getString(ConfigurableSettings.java:177)
        at burp.ChunkContentScan.sendPoc(ChunkContentScan.java:132)
        at burp.ChunkContentScan.doConfiguredScan(ChunkContentScan.java:76)
        at burp.SmuggleScanBox.doScan(SmuggleScanBox.java:111)
        at burp.Scan.doScan(BulkScan.java:552)
        at burp.BulkScanItem.run(BulkScan.java:472)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
        at java.base/java.lang.Thread.run(Thread.java:832)

There were a total of 25 requests sent by the extension. Not sure if the probing was stopped by the error or completed. The third from the last request got a 500 internal server error response. It is not clear if the extension error was caused by the internal server error during probing.
FYI, the request was:

    POST / HTTP/1.1
    Host: acd81fb31f4cf3fb80bc2b95006700e4.web-security-academy.net
    Cookie: session=RMdjyJWtcmrbbT8NNeTnwub97Pmjgn0q
    Cache-Control: max-age=0
    Sec-Ch-Ua: "Google Chrome";v="93", " Not;A Brand";v="99", "Chromium";v="93"
    Sec-Ch-Ua-Mobile: ?0
    Sec-Ch-Ua-Platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 13
    tRANSFER-ENCODING: chunked

    3
    x=y
    1
    Z
    Q

And the response was:

    HTTP/1.1 500 Internal Server Error
    Connection: close
    Content-Length: 21

    Internal Server Error

The above error is reproducible. Note again, this is a fresh Windows 10 Pro VM with no other software installed apart from Chrome and Firefox; Burp v2021.8.1 was installed and then upgraded to v2021.8.2, and then the HTTP Request Smuggler extension was installed. No other extensions have been installed, to minimize any possible noise. The system info is below:

    OS Name: Microsoft Windows 10 Pro
    OS Version: 10.0.18362 N/A Build 18362
    OS Manufacturer: Microsoft Corporation
    OS Configuration: Standalone Workstation
    OS Build Type: Multiprocessor Free
    Original Install Date: 1/09/2021, 9:45:27 pm
    System Boot Time: 2/09/2021, 4:44:40 am
    System Manufacturer: QEMU
    System Model: Standard PC (i440FX + PIIX, 1996)
    System Type: x64-based PC
    Processor(s): 4 Processor(s) Installed.
        [01]: Intel64 Family 6 Model 6 Stepping 3 GenuineIntel ~2400 Mhz
        [02]: Intel64 Family 6 Model 6 Stepping 3 GenuineIntel ~2400 Mhz
        [03]: Intel64 Family 6 Model 6 Stepping 3 GenuineIntel ~2400 Mhz
        [04]: Intel64 Family 6 Model 6 Stepping 3 GenuineIntel ~2400 Mhz
    BIOS Version: SeaBIOS 1.10.2-1ubuntu1, 1/04/2014
    Windows Directory: C:\Windows
    System Directory: C:\Windows\system32
    Boot Device: \Device\HarddiskVolume1
    System Locale: en-us;English (United States)
    Input Locale: en-us;English (United States)
    Time Zone: (UTC-08:00) Pacific Time (US & Canada)
    Total Physical Memory: 16,383 MB
    Available Physical Memory: 12,476 MB
    Virtual Memory: Max Size: 19,327 MB
    Virtual Memory: Available: 15,379 MB
    Virtual Memory: In Use: 3,948 MB
    Page File Location(s): C:\pagefile.sys
    Domain: WORKGROUP
    Hotfix(s): 5 Hotfix(s) Installed.
        [01]: KB4514359
        [02]: KB4513661
        [03]: KB4515383
        [04]: KB4516115
        [05]: KB4515384
    Network Card(s): 1 NIC(s) Installed.
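
Added example, not part of the post above and not the extension's code: a defender-side Python check for the ambiguous framing visible in the quoted request, which carries a Content-Length header alongside an oddly cased Transfer-Encoding header. The sample request is constructed from that quote with a placeholder host, the function names are hypothetical, and the header-name casing test is a heuristic, since header names are case-insensitive.

```python
# Constructed sample modelled on the request quoted in the thread
# (placeholder host, browser headers dropped).
SAMPLE_PROBE = (
    b"POST / HTTP/1.1\r\n"
    b"Host: lab.example\r\n"
    b"Connection: close\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 13\r\n"
    b"tRANSFER-ENCODING: chunked\r\n"
    b"\r\n"
    b"3\r\nx=y\r\n1\r\nZ\r\nQ"
)

def parse_headers(raw: bytes):
    """Return [(name, value)] as sent, preserving name case and order."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.decode("latin-1"),
                            value.decode("latin-1").strip()))
    return headers

def framing_findings(raw: bytes):
    """List reasons a front end should reject or normalise this request."""
    headers = parse_headers(raw)
    cl = [v for n, v in headers if n.strip().lower() == "content-length"]
    te = [(n, v) for n, v in headers
          if n.strip().lower() == "transfer-encoding"]
    findings = []
    if cl and te:
        # Two servers may pick different headers to find the body's end.
        findings.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        findings.append("conflicting Content-Length values")
    for name, value in te:
        # Heuristic: unusual casing or padding of the name is legal but rare.
        if name not in ("Transfer-Encoding", "transfer-encoding"):
            findings.append(f"non-canonical Transfer-Encoding name: {name!r}")
        if value.lower() != "chunked":
            findings.append(f"unexpected Transfer-Encoding value: {value!r}")
    return findings

if __name__ == "__main__":
    for finding in framing_findings(SAMPLE_PROBE):
        print(finding)
```
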

Michelle, PortSwigger Agent | Last updated: Sep 08, 2021 01:01PM UTC

Thanks for the update. This is fixed in the next release of HTTP Request Smuggler which will be coming to the BApp Store soon. Please let us know if you have any further questions.
