The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab: Bypassing access controls via HTTP/2 request tunnelling

Nordy | Last updated: Jun 01, 2023 02:27PM UTC

Up to point 8 - everything goes right! 8. Change the request method to HEAD and edit your malicious header so that it smuggles a request for the admin panel. Include the three client authentication headers, making sure to update their values as follows: Change the request method to HEAD - response 200 Change the :path to /login - response 200 update: Name foo: bar\r\n \r\n GET /admin HTTP/1.1\r\n X-SSL-VERIFIED: 1\r\n X-SSL-CLIENT-CN: administrator\r\n X-FRONTEND-KEY: 4915524682751556\r\n \r\n Value xyz response - 500 HTTP/2 500 Internal Server Error Content-Type: text/html; charset=utf-8 Content-Length: 125 <html><head><title>Server Error: Proxy error</title></head><body><h1>Server Error: Communication timed out</h1></body></html> Tried to do it a dozen times in different sequences The result is the same - response 500 Help please

Dominyque, PortSwigger Agent | Last updated: Jun 02, 2023 01:03PM UTC