Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab seems it doesn't work

Affan | Last updated: Apr 01, 2022 04:34AM UTC

Hi, This following lab doesn't work as expected. https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-unkeyed-query In this lab the response is expected to be cached. If we access the '/' page (homepage) of the lab it should return a cached response with a header 'X-Cache: hit' but it always returns the header 'X-Cache: miss'. I have also tried by adding and removing session cookies but it doesn't work.

Michelle, PortSwigger Agent | Last updated: Apr 01, 2022 11:30AM UTC

Thanks for your message. Do you have any extensions enabled whilst you are working on this lab? For example, if you have Param Miner enabled, do you currently have this set to add a cache buster to your requests?

Affan | Last updated: Apr 02, 2022 04:23AM UTC

Hi Michelle, The lab is working now. Although i haven't tried anything different. Response is being cached properly. Maybe a new code is deployed.

Affan | Last updated: Apr 07, 2022 06:44AM UTC

I am facing the same problem in the following lab. https://portswigger.net/web-security/host-header/exploiting/lab-host-header-web-cache-poisoning-via-ambiguous-requests Response is not being cached. Can you please try to solve it.

Michelle, PortSwigger Agent | Last updated: Apr 07, 2022 10:23AM UTC

Thanks for your message. We have checked the lab and confirmed it is possible to solve it using the solution provided. Do you have any extensions enabled?

Affan | Last updated: Apr 07, 2022 11:02AM UTC

I had param miner enabled, so I disabled that. Now it's working.

andrew | Last updated: May 31, 2022 06:01AM UTC

It seems the lab now sets the cookie to httponly, so I can't complete the lab since alert(document.cookie) does not work

Michelle, PortSwigger Agent | Last updated: May 31, 2022 07:46AM UTC

Thanks for your message. We haven't made any changes to the functionality of the labs, we were just making changes to the infrastructure, so the labs will behave in the same way as before. Can you tell us more about the steps you were taking, please? Were you following through with lab solution?

Peter | Last updated: Apr 30, 2024 01:00PM UTC