Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Not possible to disable "Update Content-Length"

JACQUES | Last updated: Nov 29, 2022 10:01AM UTC

Version: v2022.11.2 build 17582 Verified on two installation. When sending the following request with the "Update Content-Length" disabled, the Content-Length is still updated. POST / HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=1 0 This can be observed in Logger++: POST / HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=1 0 As seen above, the CL is updated while the option is deactivated. Kind regards,

JACQUES | Last updated: Nov 29, 2022 10:39AM UTC

Please note this behavior was observed in the Repeater, but other tools might be impacted too as I could not make the Lab with the "HTTP Request Smuggler" tool.

Hannah, PortSwigger Agent | Last updated: Nov 29, 2022 10:57AM UTC

Hi Do you have any extensions enabled? If so, one may be modifying your Content-Length header. If you disable all extensions and retry with the "Update Content-Length" option disabled, do you still experience this behavior?

JACQUES | Last updated: Nov 30, 2022 09:29AM UTC

Hello, strangely disabling all the addons fixes the problem. I'm still wondering which was causing the issue. Anyway, this is resolved, thank you for the support !

Hannah, PortSwigger Agent | Last updated: Nov 30, 2022 10:01AM UTC

It may have been "HTTP Request Smuggler" if you had that extension enabled. Alternatively, you could re-enable your extensions and see which one triggers the issue again.

JACQUES | Last updated: Dec 02, 2022 01:45PM UTC

The use seemed to come from the PwnFox extension :) Kr,

Hannah, PortSwigger Agent | Last updated: Dec 02, 2022 02:10PM UTC

We're glad you found the extension that was triggering this. If there's anything else we can help with, then please let us know.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.