Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

HTTP Request Smuggler, invalid poc type

The | Last updated: Jan 03, 2023 08:51AM UTC

Hello, trying Burp Academy and catch the issue with above extension, by simply pushing Extensions > HTTP Request Smuggler > Smuggle probe and error message pane I can see: Establishing 1 connection to https://0a34004704e00c88c01163ff00440039.web-security-academy.net:443 ... Ignoring error: java.lang.IllegalStateException Completed attack on https://0a34004704e00c88c01163ff00440039.web-security-academy.net:443 Sent 1 requests over 2 connections in 0.87241524 seconds RPS: 1 java.lang.RuntimeException: Invalid poc type at burp.ChunkContentScan.tryPocs(ChunkContentScan.java:230) at burp.ChunkContentScan.doConfiguredScan(ChunkContentScan.java:26) at burp.SmuggleScanBox.doConfiguredScan(SmuggleScanBox.java:137) at burp.SmuggleScanBox.doScan(SmuggleScanBox.java:118) at burp.Scan.doScan(Scan.java:61) at burp.BulkScanItem.run(BulkScanItem.java:24) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833) How I can repair that?

Hannah, PortSwigger Agent | Last updated: Jan 03, 2023 01:35PM UTC

Hi Could you tell us the title of the lab that you were running the smuggle probe against, so we can try and replicate this issue?

The | Last updated: Jan 03, 2023 02:14PM UTC

As far as I remember that was one of the very first labs, "HTTP request smuggling, basic CL.TE vulnerability"

Hannah, PortSwigger Agent | Last updated: Jan 03, 2023 04:44PM UTC

Thanks for that information! When launching your smuggle probe, if you uncheck the option "poc: collab-abs:" do you still receive this error message?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.