Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Lab: SSRF via flawed request parsing

Tubasatan | Last updated: Apr 20, 2023 07:19AM UTC

I've been at this one for over a day. I've followed the steps outlined in the solution and followed the steps in the community video but I keep getting the same error. I get to the admin panel and find the csrf token. When I go to delete carlos burp reports "Stream failed to close correctly". Any insight as to what's going on?

Ben, PortSwigger Agent | Last updated: Apr 20, 2023 05:28PM UTC

Hi, We recently changed the Web Academy so that the labs support HTTP/2. There are some labs that have been impacted by this change - currently we believe that some of the Host Header attack labs need some further work in order for them to function as expected in conjunction with HTTP/2. If you switch your Repeater requests to use HTTP/1 are you then able to solve this lab? If you do not know how to make this change within Repeater then please let us know and we can guide you further.

ديم | Last updated: Apr 25, 2023 09:02PM UTC

how to change the repeater to http/1?

Ben, PortSwigger Agent | Last updated: Apr 26, 2023 06:44AM UTC