The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Lab: CL-TE request smuggling lab is not working with the official solution.

Eragon | Last updated: Mar 14, 2023 06:27AM UTC

The HTTP request:

    POST / HTTP/2
    Host: 0ac000af04eed935c3233d650017001f.web-security-academy.net
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 8
    Transfer-Encoding: chunked

    0

    G

and the response is the same as the first response. I have tried so many times. Still not able to solve the problem.

Ben, PortSwigger Agent | Last updated: Mar 14, 2023 08:57AM UTC

Hi Eragon, You would need to specifically set the protocol to be HTTP/1 in the 'Request attributes' section of the Inspector (see the screenshot below): https://snipboard.io/N0X9hz.jpg

Eragon | Last updated: Mar 14, 2023 09:28AM UTC

Got it. The problem got solved. Thanks a lot, Ben.

Eragon | Last updated: Mar 14, 2023 09:37AM UTC

Btw, why was it not working for HTTP version 2?

Ben, PortSwigger Agent | Last updated: Mar 14, 2023 02:14PM UTC

Hi Eragon, These specific labs are designed to be used with HTTP/1.1 - using HTTP/2 is actually a suggested method for preventing the types of vulnerabilities that these labs are introducing. There is more specific information about this on the page below: https://portswigger.net/web-security/request-smuggling#how-to-prevent-http-request-smuggling-vulnerabilities
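To illustrate the answer above, here is an added example (not part of the original thread and not PortSwigger code) that audits a raw HTTP/1.1 request for the Content-Length versus Transfer-Encoding ambiguity these labs rely on. The request bytes are constructed, with a placeholder host and an assumed trailing CRLF after the `G`; all function names are hypothetical.

```python
# Constructed sample request (placeholder host, not taken from the thread).
SAMPLE = (
    b"POST / HTTP/1.1\r\n"
    b"Host: lab.example\r\n"
    b"Content-Length: 8\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n\r\nG\r\n"
)

def split_message(raw):
    """Return (lower-cased header dict, bytes following the header block)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, rest

def end_by_content_length(headers, rest):
    """Body bytes consumed by a parser that trusts Content-Length."""
    return min(int(headers["content-length"]), len(rest))

def end_by_chunked(rest):
    """Body bytes consumed by a parser that trusts chunked encoding."""
    pos = 0
    while True:
        eol = rest.index(b"\r\n", pos)
        size = int(rest[pos:eol].split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            # last chunk: the body ends at the blank line after any trailers
            return rest.index(b"\r\n\r\n", eol) + 4
        pos = eol + 2 + size + 2                       # size line, data, CRLF

def audit(raw):
    """Flag requests carrying both framing headers and show the disagreement."""
    headers, rest = split_message(raw)
    both = ("content-length" in headers
            and "chunked" in headers.get("transfer-encoding", "").lower())
    if not both:
        return {"both_headers": False, "leftover": b""}
    cl_end = end_by_content_length(headers, rest)
    te_end = end_by_chunked(rest)
    # Bytes one parser counts as body and the other treats as the next request.
    return {"both_headers": True, "cl_end": cl_end, "te_end": te_end,
            "leftover": rest[te_end:cl_end]}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `leftover` is the part of the stream the two parsers disagree about. HTTP/2 takes body length from its frame lengths and does not use chunked encoding, so this pair of headers has nothing to disagree on there.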

Eragon | Last updated: Mar 15, 2023 05:08AM UTC