Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

HTTP Request Smuggler, invalid poc type

The | Last updated: Jan 03, 2023 08:51AM UTC

Hello, trying Burp Academy and catch the issue with above extension, by simply pushing Extensions > HTTP Request Smuggler > Smuggle probe and error message pane I can see: Establishing 1 connection to https://0a34004704e00c88c01163ff00440039.web-security-academy.net:443 ... Ignoring error: java.lang.IllegalStateException Completed attack on https://0a34004704e00c88c01163ff00440039.web-security-academy.net:443 Sent 1 requests over 2 connections in 0.87241524 seconds RPS: 1 java.lang.RuntimeException: Invalid poc type at burp.ChunkContentScan.tryPocs(ChunkContentScan.java:230) at burp.ChunkContentScan.doConfiguredScan(ChunkContentScan.java:26) at burp.SmuggleScanBox.doConfiguredScan(SmuggleScanBox.java:137) at burp.SmuggleScanBox.doScan(SmuggleScanBox.java:118) at burp.Scan.doScan(Scan.java:61) at burp.BulkScanItem.run(BulkScanItem.java:24) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833) How I can repair that?

Hannah, PortSwigger Agent | Last updated: Jan 03, 2023 01:35PM UTC

Hi Could you tell us the title of the lab that you were running the smuggle probe against, so we can try and replicate this issue?

The | Last updated: Jan 03, 2023 02:14PM UTC

As far as I remember that was one of the very first labs, "HTTP request smuggling, basic CL.TE vulnerability"

Hannah, PortSwigger Agent | Last updated: Jan 03, 2023 04:44PM UTC