Burp Suite User Forum

Create new post

Lab: Bypassing access controls via HTTP/2 request tunnelling

Nordy | Last updated: Jun 01, 2023 02:27PM UTC

Up to point 8 - everything goes right! 8. Change the request method to HEAD and edit your malicious header so that it smuggles a request for the admin panel. Include the three client authentication headers, making sure to update their values as follows: Change the request method to HEAD - response 200 Change the :path to /login - response 200 update: Name foo: bar\r\n \r\n GET /admin HTTP/1.1\r\n X-SSL-VERIFIED: 1\r\n X-SSL-CLIENT-CN: administrator\r\n X-FRONTEND-KEY: 4915524682751556\r\n \r\n Value xyz response - 500 HTTP/2 500 Internal Server Error Content-Type: text/html; charset=utf-8 Content-Length: 125 <html><head><title>Server Error: Proxy error</title></head><body><h1>Server Error: Communication timed out</h1></body></html> Tried to do it a dozen times in different sequences The result is the same - response 500 Help please

Dominyque, PortSwigger Agent | Last updated: Jun 02, 2023 01:03PM UTC

Hi We have tested the lab and confirmed that it works as it should. Unfortunately, we do not have a community solution video for this lab yet; however, this video: https://www.youtube.com/watch?v=kg1aOiSvk6Q- did a great job walking through the steps.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.