The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


HTTPRQ Lab - Exploiting HTTP request smuggling to deliver reflected XSS

Joshua | Last updated: Jan 27, 2021 06:14AM UTC

Hey guys, I hope you're all well today. This seems to be a pretty interesting bug! I have no idea what is going on, but while trying to solve this lab, something seems to have broken in the back-end, and now every time I load the web root, only an image is loaded. Interestingly, it's a DIFFERENT image every time, and the body of the request seems to be encoded for some strange reason. The beginning of the responses looks like the following:

HTTP/1.1 200 OK
Content-Type: image/jpeg
Cache-Control: public, max-age=3600
Content-Encoding: gzip
Keep-Alive: timeout=0
X-XSS-Protection: 0
Connection: close
Content-Length: 270485

ÿØÿáExif

(The rest of the 270k response is all jumbled)
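
The response quoted above declares Content-Encoding: gzip yet its body begins with the bytes FF D8 FF E1 (shown as "ÿØÿá"), which are a JPEG's SOI marker followed by an Exif APP1 segment, not the 1F 8B gzip signature; the "jumbled" remainder is simply binary image data. The following script is an added example, not code from the post or from PortSwigger, that shows how to tell the two apart by inspecting a response's leading bytes instead of trusting its headers. The sample responses, and the names build_response, split_response, sniff_body and analyse_response, are all constructed for this example.

```python
import gzip

# Constructed sample body: a JPEG starts with the SOI marker FF D8 followed by an APP1
# (Exif) segment marker FF E1, which renders as "ÿØÿá" when raw bytes are shown as Latin-1.
JPEG_BODY = b"\xff\xd8\xff\xe1" + b"\x00\x10Exif\x00\x00" + b"\x00" * 16


def build_response(headers: dict, body: bytes) -> bytes:
    """Assemble a raw HTTP/1.1 200 response with the given headers and body."""
    lines = [b"HTTP/1.1 200 OK"]
    for name, value in headers.items():
        lines.append(f"{name}: {value}".encode("latin-1"))
    lines.append(f"Content-Length: {len(body)}".encode("latin-1"))
    return b"\r\n".join(lines) + b"\r\n\r\n" + body


# Case 1 (constructed): the header claims gzip but the body is already a bare JPEG,
# which is what a proxy that unpacks compressed bodies before display would show.
UNPACKED_RESPONSE = build_response(
    {"Content-Type": "image/jpeg", "Content-Encoding": "gzip", "Connection": "close"},
    JPEG_BODY,
)

# Case 2 (constructed): the same JPEG genuinely gzip-compressed on the wire.
GZIPPED_RESPONSE = build_response(
    {"Content-Type": "image/jpeg", "Content-Encoding": "gzip", "Connection": "close"},
    gzip.compress(JPEG_BODY),
)


def split_response(raw: bytes):
    """Split a raw response into (status line, lower-cased header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return status, headers, body


def sniff_body(body: bytes) -> str:
    """Classify a body by its leading bytes rather than by what the headers claim."""
    if body[:2] == b"\x1f\x8b":
        return "gzip"
    if body[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if body[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    if body.lstrip()[:1] in (b"<", b"{"):
        return "text"
    return "unknown"


def analyse_response(raw: bytes):
    """Return (declared_encoding, declared_type, actual_kind, decoded_body).

    Decompresses only when both the header and the magic bytes agree the body is
    gzip; a gzip header over a non-gzip body is reported as-is instead of raising.
    """
    _, headers, body = split_response(raw)
    declared_encoding = headers.get("content-encoding", "identity").lower()
    declared_type = headers.get("content-type", "")
    if declared_encoding == "gzip" and sniff_body(body) == "gzip":
        body = gzip.decompress(body)
    return declared_encoding, declared_type, sniff_body(body), body


if __name__ == "__main__":
    for label, raw in (("unpacked", UNPACKED_RESPONSE), ("gzipped", GZIPPED_RESPONSE)):
        enc, ctype, kind, body = analyse_response(raw)
        print(f"{label}: Content-Encoding={enc} Content-Type={ctype} "
              f"body looks like {kind}, {len(body)} bytes")
```

Running it reports both constructed responses as JPEG, because the first is already unpacked and the second is decompressed before classification. Checking the leading bytes this way is also how to spot a Content-Type or Content-Encoding header that disagrees with the body, which is worth a second look in any response that arrives unexpectedly.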

Joshua | Last updated: Jan 27, 2021 06:16AM UTC

Update: There is one thing in common with all the responses - they all seem to have something to do with Adobe (often including xmp:CreatorTool="Adobe Photoshop CC 2018" - but not always). But other than the start of the response body which includes this, it seems to still always be encoded in some way. Thanks :)

Uthman, PortSwigger Agent | Last updated: Jan 27, 2021 11:54AM UTC

Hi Joshua, Thanks for reporting this. I am having some issues replicating your issue. Does it occur on the homepage? Can you please provide some replication steps? If you have any extensions enabled, can you please disable these and try again? The lab should reset after ~15 minutes so please wait for this first. If the issue persists, please send a screen recording to support@portswigger.net

Joshua | Last updated: Jan 28, 2021 02:00AM UTC

Hey Uthman, It's no problem for me - I knew the lab would reset on its own after a while. I only really wanted to let you know in case it might have been something you would want to look into. But if not, then I guess we're done here :) Thanks again

Alec | Last updated: Sep 05, 2021 01:14AM UTC