Burp Suite User Forum

Labs Failing to Respond

John | Last updated: Jan 13, 2021 12:46PM UTC

Hi, I'm having issues with this lab, "Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria". As soon as I enter the X-Forwarded-Host header, the lab server fails to respond. I've tried this with Firefox and the in-built Chrome browser for Burp Suite Pro. I also tried disabling all extensions and doing the lab without the Param Miner extension. The lab server still hangs. I also waited for the lab to reset and it still hangs! The only thing I have not tried is uninstalling and re-installing Burp Suite Pro. Has anyone else seen this fault? I'm 162 labs deep, so I cannot bring myself to do an uninstall/re-install.

Uthman, PortSwigger Agent | Last updated: Jan 13, 2021 01:14PM UTC

Is your issue occurring at step 4 in the solution? I have just tested it and I do not appear to be seeing the same issue. Do you have two new lines at the end of your request like in the video below? - https://www.youtube.com/watch?v=oAiG-EVemUI

John | Last updated: Jan 14, 2021 02:49PM UTC

Hi,

I am completely dumbfounded!!! I got the lab working and solved it!!!

My primary device = iMac Pro running macOSX 11.1 = Big Sur

Wasted so much time trying to get the lab completed on that system, I decided to switch to my Windows 10 laptop (Toshiba). Tried it with the in-built Chrome browser. All steps in the lab worked except... for solving it... put that down to me!!

Then I thought, get Firefox on there, set it up to work through Burp Suite Pro. While I was doing that I set the proxy up for port 8080. (Windows 10 laptop)

Then thought, see what the iMac is set to for its Firefox settings. I am a terrible typist and usually do lots of typos. That was set to localhost port 8080 (iMac Big Sur)

I have no idea why I did this, probably just to set the laptop and iMac to exactly the same settings, I changed the iMac to port 8080. Flew through the lab!! And solved it!!

I have no idea if that helps anyone else, I hope it does!! I would have thought either way to use the loopback would have been fine. If you find any technical reason for this, please let me know?

Completely stunned!!

John | Last updated: Jan 14, 2021 09:31PM UTC

Take it all back...the strange fault is back! The next Lab asks for an "X:Forwarded-Host:" header. When I put one in, no response from Repeater when I press the send button. Weird!!

Uthman, PortSwigger Agent | Last updated: Jan 15, 2021 09:07AM UTC

Do you have two newlines at the end of the request? I cannot replicate this, unfortunately. Can you share the title of the next lab that fails?

John | Last updated: Jan 15, 2021 07:19PM UTC

Hi,

One of your colleagues emailed me with the same advice! :)

Definitely looks like on my iMac with macOSX 11.1 I need two returns after I enter the "X-Forwarded-Host:" line, or any other header for that matter. ANY MORE than two will get you an error complaining about body text of the page, if memory serves. It all just seems to respond OK from my Windows 10 laptop. But saying that, no matter what platform I will be using, I will keep a close eye on the return lines from now on. That could have been the problem all along. To be fair, I was convinced I had done it correctly on my laptop too, but the lab never flagged solved.

Thanks to you and your colleagues for the support, by the way! After paying ultra close attention to the two returns required in the Repeater requests... I GOT IT SOLVED!!!
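
The "two newlines" behaviour discussed in this thread, as an added example that is not part of any post above and is not PortSwigger's code: an HTTP/1.1 server only treats the header block as finished once it reads an empty line, so a request that stops after the last header looks like a hang, and anything after the empty line counts as body bytes. The function name `diagnose_request` and the sample host names are assumptions made for illustration.

```python
import re

# Header block ends at the first empty line; accept CRLF or bare LF.
_HEADER_END = re.compile(rb"\r?\n\r?\n")

def diagnose_request(raw: bytes) -> str:
    """Return 'incomplete', 'complete', 'unexpected-body' or 'malformed'."""
    end = _HEADER_END.search(raw)
    if end is None:
        # No blank line yet: a server keeps reading and appears to hang.
        return "incomplete"
    head, body = raw[:end.start()], raw[end.end():]
    lines = re.split(rb"\r?\n", head)
    if len(lines[0].split(b" ")) != 3:
        return "malformed"
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            return "malformed"
        headers[name.lower()] = value.strip()
    if b"transfer-encoding" in headers:
        return "complete"  # chunked framing is not validated here
    declared = headers.get(b"content-length", b"0")
    if not declared.isdigit():
        return "malformed"
    if len(body) < int(declared):
        return "incomplete"  # server waits for the rest of the body
    if len(body) > int(declared):
        return "unexpected-body"  # bytes the headers did not announce
    return "complete"

# Constructed sample requests (host names are placeholders).
ONE_NEWLINE = (b"GET / HTTP/1.1\r\nHost: lab.example\r\n"
               b"X-Forwarded-Host: cache.example\r\n")
TWO_NEWLINES = ONE_NEWLINE + b"\r\n"
THREE_NEWLINES = TWO_NEWLINES + b"\r\n"

if __name__ == "__main__":
    for label, req in [("one", ONE_NEWLINE), ("two", TWO_NEWLINES),
                       ("three", THREE_NEWLINES)]:
        print(label, "->", diagnose_request(req))
```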
