Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Minor issue in the solution of Lab: "Web cache poisoning with multiple headers"

Luca | Last updated: Oct 03, 2020 12:18PM UTC

I think point number 2 of the official solution is somehow misleading: "Find the GET request for the JavaScript file /resources/js/tracking.js and send it to Burp Repeater" That file is never requested by the website and that request cannot be found in the Proxy History. I can see it is in the source code of the Home page but I have done the lab twice and I could never find it in my Burp History. Not sure why. It looks a minor issue but if confirmed it prevents a proper understanding of the exploitation path (at least for me) Thank you

Luca | Last updated: Oct 03, 2020 01:01PM UTC

This seems to be true for other web cache poisoning labs (that a specific request for tracking.js is not present in Burp History), but in other labs it's easier to identify because the exploit server url added to some header is reflected within script tags that refer to tracking.js, in this case it doesn't.

Ben, PortSwigger Agent | Last updated: Oct 05, 2020 02:09PM UTC

Hi, I have just loaded up this lab and am able to observe the resources/js/tracking.js request - do you have any settings within Burp that might be filtering what requests you observe within your HTTP history?

Spencer | Last updated: Nov 05, 2020 07:22PM UTC

Hello, I've had this same issue. Have default settings and set my HTTP History to "Filter: Showing all items." I'm using Mozilla with the most recent version of burp. Only difference I can see between js files it shows and not shows is that /resources/js/tracking.js includes a type"text/javascript" before. Not sure why it would be an issue. Any thoughts?

Spencer | Last updated: Nov 05, 2020 07:23PM UTC

Should add the burp does show the /resources/js/labHeader.js GET request for me.

Spencer | Last updated: Nov 05, 2020 07:25PM UTC

Of course, just found the issue. I turned off u-block origin (adblocker) and it shows up now.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.