Burp Suite User Forum


Lab: Web cache poisoning via ambiguous requests broken

Manuel | Last updated: Jun 08, 2022 09:33AM UTC

Hi,

No matter what I do inside Repeater, the site always answers with 'Age: 0' and 'X-Cache: miss', which means I can't poison the target. I also tried removing 'Cache-Control' from the request (no luck). When sending the request with cURL I get an X-Cache Miss followed by an X-Cache Hit, so it works there. But I can't seem to even exploit myself afterwards. I followed all the steps in your solution.

Here are some screenshots: https://pasteboard.co/lWnseL4kGOtp.png https://pasteboard.co/01LVRWYzKqi4.png https://pasteboard.co/4ONcO96m61V8.png

Hannah, PortSwigger Agent | Last updated: Jun 08, 2022 01:00PM UTC

Hi,

Do you have any extensions installed? If you unload your extensions, do you still experience this issue? Some extensions may have settings that modify your traffic. For example, if you have enabled the setting "Add dynamic cachebuster" in the extension "Param Miner", your cachebuster will be changing for every request.

Manuel | Last updated: Jun 09, 2022 08:58AM UTC

Hi,

When disabling all extensions it worked.

Hannah, PortSwigger Agent | Last updated: Jun 09, 2022 09:02AM UTC

Glad to hear it!
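The symptom in this thread (every response showing 'Age: 0' and 'X-Cache: miss') can be checked from proxy history, as in this added example that is not part of the original thread or of any PortSwigger tool. It assumes the cache keys on path plus query string; the parameter name `cb` and the sample exchanges are constructed.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed samples: (request target, response headers) as copied from a proxy history.
FIXED = [("/?cb=1234", {"X-Cache": "miss", "Age": "0"}),
         ("/?cb=1234", {"X-Cache": "hit", "Age": "3"})]
# Same test, but something in the toolchain rewrites the cachebuster on every send.
DYNAMIC = [("/?cb=a1", {"X-Cache": "miss", "Age": "0"}),
           ("/?cb=b2", {"X-Cache": "miss", "Age": "0"}),
           ("/?cb=c3", {"X-Cache": "miss", "Age": "0"})]


def cache_key(target):
    """Assumed cache key: path plus the sorted query parameters."""
    parts = urlsplit(target)
    return parts.path, tuple(sorted(parse_qsl(parts.query, keep_blank_values=True)))


def diagnose(exchanges):
    """Explain why a series of requests did or did not produce a cache hit."""
    keys = Counter(cache_key(target) for target, _ in exchanges)
    hits = sum(1 for _, hdrs in exchanges if hdrs.get("X-Cache", "").lower() == "hit")
    values = defaultdict(list)
    for target, _ in exchanges:
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            values[name].append(value)
    total = len(exchanges)
    # A parameter present in every request with a new value each time
    # gives every request its own cache key.
    varying = sorted(name for name, vals in values.items()
                     if total > 1 and len(vals) == total and len(set(vals)) == total)
    repeated = sum(1 for count in keys.values() if count > 1)
    if hits:
        verdict = "cache is serving hits"
    elif repeated:
        verdict = "same key repeated but never served from cache"
    elif varying:
        verdict = "no key requested twice; changing parameter(s): " + ", ".join(varying)
    else:
        verdict = "not enough repeated requests to judge"
    return {"hits": hits, "repeated_keys": repeated,
            "varying_params": varying, "verdict": verdict}


if __name__ == "__main__":
    for label, sample in (("fixed", FIXED), ("dynamic", DYNAMIC)):
        print(label, diagnose(sample))
```
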
