Burp Suite User Forum

Create new post

Lab: SSRF via flawed request parsing

Tubasatan | Last updated: Apr 20, 2023 07:19AM UTC

I've been at this one for over a day. I've followed the steps outlined in the solution and followed the steps in the community video but I keep getting the same error. I get to the admin panel and find the csrf token. When I go to delete carlos burp reports "Stream failed to close correctly". Any insight as to what's going on?

Ben, PortSwigger Agent | Last updated: Apr 20, 2023 05:28PM UTC

Hi, We recently changed the Web Academy so that the labs support HTTP/2. There are some labs that have been impacted by this change - currently we believe that some of the Host Header attack labs need some further work in order for them to function as expected in conjunction with HTTP/2. If you switch your Repeater requests to use HTTP/1 are you then able to solve this lab? If you do not know how to make this change within Repeater then please let us know and we can guide you further.

ديم | Last updated: Apr 25, 2023 09:02PM UTC

how to change the repeater to http/1?

Ben, PortSwigger Agent | Last updated: Apr 26, 2023 06:44AM UTC

Hi, If you expand the 'Request attributes' section within the Inspector panel and then change the 'Protocol' setting from HTTP/2 to HTTP/1, this will mean that your request will be using HTTP/1.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.