Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab: H2.CL request smuggling

Stefan | Last updated: Oct 13, 2023 12:23PM UTC

The H2.CL lab is not working for me as it should be. I'm trying to probe the application if it is vulnerable, but the test as described in the solution is not working. I get responses with http 200 and not 404. I attached a screen recording to show my problem. https://drive.google.com/file/d/1qFBRGeF5cVmnn6DmMSgQim9oOSzqScRt/view?usp=drive_link

Dominyque, PortSwigger Agent | Last updated: Oct 13, 2023 12:51PM UTC

Hi Stefan I have just tested this and can confirm that it works as it should. Which version of Burp are you using? Please see the screenshot attached: https://snipboard.io/Mw5kA6.jpg

Stefan | Last updated: Oct 13, 2023 01:15PM UTC

Hi Dominyque, Thanks for confirming. The problem is I can't think of what I'm doing differently. Version is: 2023.10.1.2-23718 Burp Suite Professional

Dominyque, PortSwigger Agent | Last updated: Oct 13, 2023 01:25PM UTC

Hi Stefan Have you tried using the embedded browser? Additionally, does anything change if you disable all your extensions?

Stefan | Last updated: Oct 13, 2023 02:00PM UTC

Hi Dominyque, it was the PwnFox extension. Thank you

Dominyque, PortSwigger Agent | Last updated: Oct 16, 2023 06:41AM UTC