Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Lab: HTTP request smuggling, basic CL.TE vulnerability

pin | Last updated: May 25, 2023 08:44PM UTC

I can't solve lab tried many times, help here is the code - POST / HTTP/1.1 Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 6 Transfer-Encoding: chunked 0 G

Dominyque, PortSwigger Agent | Last updated: May 26, 2023 01:28PM UTC

Hi We have trialed the lab and can confirm it works as it should. Have you tried watching our community solution videos? They will give you step-by-step guidance on this lab.

P1N | Last updated: May 28, 2023 08:47PM UTC

I tried, I attached the code, I've been trying to solve everything for 2 days and watched the video and the usual solution, in no way

Ben, PortSwigger Agent | Last updated: May 29, 2023 09:47AM UTC

Hi, Have you specifically changed the Protocol being used to HTTP/1.1 within the Inspector panel? Are you ablet to provide us with a screenshot of what you see in the Request and Response windows after you have sent your malicious request two times?

P1N | Last updated: May 30, 2023 04:41PM UTC

how can I send a screenshot, there is no such function??Yes, I specifically changed it to 1.1 http, according to the assignment, it's necessary POST / HTTP/1.1\r\n Host: 0a3500f90359495b811ec02e002700bc.web-security-academy.net\r\n Connection: keep-alive\r\n Content-Type: application/x-www-form-urlencoded\r\n Content-Length: 6\r\n Transfer-Encoding: chunked\r\n \r\n 0\r\n \r\n G

Dominyque, PortSwigger Agent | Last updated: May 31, 2023 06:51AM UTC

Hi If you are still having issues with the lab, you can email us at support@portswigger.net and attach screenshots or a video recording there so that we can better help.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.