The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

lab-request-smuggling-h2-web-cache-poisoning-via-request-tunnelling

Roumy | Last updated: Nov 01, 2023 07:05AM UTC

Hi there I am trying to solve the lab :request-smuggling-h2-web-cache-poisoning-via-request-tunnelling, and i encountered the following problem: I set my request to HTTP2 then i try to inject path content with a /r/n (using shift + enter) I press apply, but my request is not marked as "kettled" as i should expected, when i press send, my payload is automatically sanitized and /r/n is automatically removed. Of course response is "Invalid request", this behavior prevents me to solve labs. I've tried poke with repeater options 'normalize HTTP/1 ending' but it did not solve the solution. Here is the version i am using Burp Version 2023.10.2.3 Build Number 24206 Product Name Burp Suite Professional

Michelle, PortSwigger Agent | Last updated: Nov 01, 2023 10:23AM UTC

Hi There is a bug in the current versions that is affecting the ability to add /r/n in the Inspector panel. We do have a fix for this, which should be in the next Early Adopter release coming soon. If you'd prefer not to wait, you can download an earlier version of Burp that is not affected by Burp, for example, 2023.7.3. If you download the JAR file, you can run this version from the CLI without affecting any installed versions of Burp. https://portswigger.net/burp/documentation/desktop/troubleshooting/launch-from-command-line

Roumy | Last updated: Nov 01, 2023 11:36AM UTC

Thanks for the reply Michelle I've tried 2023.7.3, i confirm there is no problem with /r/n but there is one with arguments. As soon as there is a ? the edited field is stripped and thus i could not insert payload to solve the lab. I will retry with next release

Dominyque, PortSwigger Agent | Last updated: Dec 20, 2023 02:56PM UTC