Burp Suite User Forum

Login to post

Lab Not Working Properly

Nikhil | Last updated: Jul 08, 2020 03:22PM UTC

I am trying to solve this lab(Exploiting HTTP request smuggling to perform web cache poisoning) But seems it is not working properly i tried as per video solution by Micheal sommer. Request:- POST / HTTP/1.1 Host: ac821ff91fa6a6ac80911ed1005d00ec.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 185 Transfer-Encoding: chunked 0 GET /post/next?postId=3 HTTP/1.1 Host: aca71f681fe0a61c80c01e0d01930066.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 10 x=1 GET /resources/js/tracking.js HTTP/1.1 Host: ac821ff91fa6a6ac80911ed1005d00ec.web-security-academy.net Connection: close I am trying to solve it since tommorow. I am facing these kind of issues with the following labs:- 1.Lab: Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria 2.Exploiting HTTP request smuggling to perform web cache poisoning 3.Exploiting HTTP request smuggling to capture other users' requests I already wrote about my problems . and i tried video solution too on these lab.

Nikhil | Last updated: Jul 09, 2020 03:26AM UTC

secret=HulgmvDOrl4k4MBiIhXVaktHzetPTsFZ Now i am getting the cookie but the lab is not solving

Hannah, PortSwigger Agent | Last updated: Jul 09, 2020 01:52PM UTC

I can confirm that this lab is working as expected.

Salil | Last updated: Oct 02, 2020 06:50PM UTC

the burp is not working, because while submitting xss payload in lab 2 of xss, the burp is not showing any request.

Hannah, PortSwigger Agent | Last updated: Oct 05, 2020 07:11AM UTC

Hi. Have you set up Burp correctly? You can find our documentation here: https://portswigger.net/burp/documentation/desktop

Pawel | Last updated: Jan 13, 2021 09:40PM UTC

I have the same issue. I have been trying to solve it from 3 days. Still the same issue I have. Is anyone how made it? I see in browser the XSS (1) - (the document.cookie does not work even in Chrome) but LAB is not solved. :(

Hannah, PortSwigger Agent | Last updated: Jan 14, 2021 09:17AM UTC

I can confirm the lab is working as expected. You may need to repeat the POST/GET process several times before the attack succeeds.

Pavlina | Last updated: Jan 16, 2021 08:36AM UTC

Same issue. Even if POST/GET request is processed several times.

Hannah, PortSwigger Agent | Last updated: Jan 18, 2021 11:09AM UTC

If you're still unable to complete the lab, you could try disabling all extensions and then retry the lab - sometimes they can have conflicting options.

You need to Log in to post a reply. Or register here, for free.