The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Lab: Client-side desync - Browser Attack

Trevor | Last updated: Jan 20, 2023 12:11AM UTC

Has anyone successfully replicated the Client-side desync browser attack from the lab? https://portswigger.net/web-security/request-smuggling/browser/client-side-desync/lab-client-side-desync

I'm able to get through "Identifying an exploitable target" in Burp but cannot get the same results when running the attack in the browser. The expected results from step 6 should be 3 requests:

1. The initial request, which has triggered a CORS error.
2. A request for /capture-me, which has been redirected to the post confirmation page.
3. A request to load the post confirmation page.

I also get 3 requests, except I receive:

1. The initial request, which has triggered a CORS error.
2. A failed 302
3. A 404 to the /capture-me

I don't see the request to load the post confirmation page. Has anyone successfully passed this lab? And would you mind sharing your fetch script? Thanks

Michelle, PortSwigger Agent | Last updated: Jan 20, 2023 01:17PM UTC

Hi, we've just checked through this lab, and on step 6 of 'Replicate the attack in your browser' we did see all three requests in the network tab using the script listed in the solution. Maybe give this one another go and check to see what happens, and cross-check the details you're adding to the script against the ones you used in the previous steps of the solution. I hope this helps.

Trevor | Last updated: Jan 20, 2023 02:30PM UTC