Burp Suite User Forum

Create new post

Lab: CL-TE request smuggling lab is not working with the official solution.

Eragon | Last updated: Mar 14, 2023 06:27AM UTC

The HTTP request: POST / HTTP/2 Host: 0ac000af04eed935c3233d650017001f.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 8 Transfer-Encoding: chunked 0 G and the response is same as the first response. I have tried so many times. still not able to solve the problem

Ben, PortSwigger Agent | Last updated: Mar 14, 2023 08:57AM UTC

Hi Eragon, You would need to specifically set the protocol to be HTTP/1 in the 'Request attributes' section of the Inspector (see the screenshot below): https://snipboard.io/N0X9hz.jpg

Eragon | Last updated: Mar 14, 2023 09:28AM UTC

Got it. The problem got solved. Thanks a lot Ben

Eragon | Last updated: Mar 14, 2023 09:37AM UTC

Btw, why it was not working for Http version 2?

Ben, PortSwigger Agent | Last updated: Mar 14, 2023 02:14PM UTC

Hi Eragon, These specific labs are designed to be used with HTTP/1.1 - using HTTP/2 is actually a suggested method for preventing the types of vulnerabilities that these labs are introducing. There is more specific, information about this on the page below: https://portswigger.net/web-security/request-smuggling#how-to-prevent-http-request-smuggling-vulnerabilities

Eragon | Last updated: Mar 15, 2023 05:08AM UTC

Okhee Ben, Thanks a lot

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.