The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Question about "Lab: Exploiting XXE to perform SSRF attacks"

BobSwigger | Last updated: May 14, 2023 04:55PM UTC

I keep getting the "XML parser exited with error: java.net.ConnectException: Connection refused" error. Here is my payload:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "http://169.254.169.254/"> ]>
<stockCheck><productId>&xxe;</productId><storeId>1</storeId></stockCheck>

Not sure which part went wrong. Any idea? Thank you!

Ben, PortSwigger Agent | Last updated: May 15, 2023 08:21AM UTC

Hi,

To confirm, do you see this same issue if you attempt this lab today? If so, would we be able to get a screenshot of this payload being sent within Burp (if it is easier to provide screenshots via email then please feel free to send us an email at support@portswigger and we can take a look from there)?

On the face of it, this payload looks correct to me (and should elicit the response detailed in Step 3 of the solution) so it would be useful to confirm if you consistently get this error and what your payload looks like in Burp.

BobSwigger | Last updated: May 17, 2023 12:18AM UTC

Hi, I can't reproduce this issue today. I guess it's solved. Thank you!
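
The java.net.ConnectException quoted in the opening post means a Java XML parser tried to open a network connection while resolving the external entity, which is the behaviour a production stock-check endpoint should not have. As an added example (not code from PortSwigger or from any poster in this thread), here is one way to configure the JDK's built-in DOM parser so that a request carrying a DOCTYPE is rejected before any entity is resolved; the class and method names are hypothetical, and the feature and attribute settings assume the JDK's default JAXP implementation.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

// Hypothetical class name; this is not the lab's server code.
public class StockCheckParser {

    // Build a parser that refuses any DOCTYPE, so no entity can be declared or resolved.
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Defence in depth: no external DTD or schema fetches over any protocol.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns the productId text, or null when the document is rejected or has no productId.
    static String productId(String xml) throws Exception {
        try {
            Document doc = hardenedBuilder().parse(new InputSource(new StringReader(xml)));
            Node n = doc.getElementsByTagName("productId").item(0);
            return n == null ? null : n.getTextContent();
        } catch (SAXException e) {
            // A DOCTYPE in the request ends up here; the parser makes no outbound request.
            System.out.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed benign request in the same shape as the one in the thread.
        String ok = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                + "<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>";
        // The request from the opening post, which declares an external entity.
        String withDoctype = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                + "<!DOCTYPE test [ <!ENTITY xxe SYSTEM \"http://169.254.169.254/\"> ]>"
                + "<stockCheck><productId>&xxe;</productId><storeId>1</storeId></stockCheck>";
        System.out.println("productId = " + productId(ok));
        System.out.println("productId = " + productId(withDoctype));
    }
}
```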

Ayzhana | Last updated: Dec 09, 2023 12:19PM UTC

Hi, I have the same error: https://drive.google.com/file/d/1RwHb9Zk8wAGR1m9dPUOJTrUHLiMnrYOj/view?usp=sharing

Ben, PortSwigger Agent | Last updated: Dec 11, 2023 09:05AM UTC