Burp Suite User Forum


Receiving Kettle Message in Repeater for Request That Shouldn't Be Kettled

vic | Last updated: Jul 15, 2024 01:07AM UTC

Hi, this would be easier to explain with screenshots, but I'll do my best to explain below.

I am working on the "Authentication bypass via encryption oracle" lab for business logic vulnerabilities. I have submitted a comment with an invalid email address to "post?postId=1". When I catch the "POST /post/comment HTTP/2" request in Proxy, I can forward it to be greeted with the following step, which is to request the "GET /post?postID=1 HTTP/2" page. In the response rendered in my browser I am able to then receive the contents and see the "Invalid email address:" message.

I do the exact same process in Repeater, but the second "/post?postID=1 HTTP/2" request is kettled. It states: "This request is kettled because: There is a semicolon followed by a space in this cookie: notification".

Based on my research, HTTP/1 requests actually represent multiple cookies using key-value pairs separated by semicolons and spaces in HTTP/1.1. As a result, I think this request can be accurately displayed in HTTP/1.1 and I don't think this kettled message should appear. It is also interesting that the kettle message didn't appear in Proxy for the exact same request, as explained above.

I am not absolutely certain about this, as I am currently studying for the BSCP and am no expert, but I thought I'd bring it up.
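
The post above turns on why Burp refuses to show an HTTP/2 request in HTTP/1.1 form when a single cookie value contains a semicolon followed by a space. The following is an added example, not Burp's own code and not part of the original post: it models the HTTP/2-to-HTTP/1.1 downgrade of cookies (HTTP/2 allows several separate cookie fields, which a downgrade joins with "; ", the same separator RFC 6265 uses between cookie-pairs in one Cookie header) and checks whether that downgrade is lossless. The kettle rule it applies (a "; " inside one cookie value) is taken from the message quoted in the post; the cookie names and values are constructed for illustration.

```python
# Added example (not PortSwigger/Burp code): why a cookie value containing "; "
# cannot be rendered losslessly as an HTTP/1.1 Cookie header.
from typing import List

# RFC 6265 separator between cookie-pairs inside a single Cookie header.
COOKIE_PAIR_SEP = "; "


def join_http1_cookie(values: List[str]) -> str:
    """Downgrade: concatenate separate HTTP/2 cookie fields into one
    HTTP/1.1 Cookie header, as an intermediary converting HTTP/2 to
    HTTP/1.1 must (RFC 7540 section 8.1.2.5)."""
    return COOKIE_PAIR_SEP.join(values)


def split_http1_cookie(header: str) -> List[str]:
    """Parse an HTTP/1.1 Cookie header back into cookie-pairs. A receiver
    has no way to tell an embedded '; ' from a real pair separator."""
    return header.split(COOKIE_PAIR_SEP)


def downgrade_is_lossless(values: List[str]) -> bool:
    """True when the HTTP/2 cookie fields survive a round trip through
    HTTP/1.1 unchanged; False when the HTTP/1.1 form is ambiguous."""
    return split_http1_cookie(join_http1_cookie(values)) == values


def kettle_reasons(values: List[str]) -> List[str]:
    """Reproduce the rule implied by the message quoted in the post (assumed
    rule, derived from that message rather than from Burp's source): any
    single cookie value containing '; ' makes the request un-representable
    in HTTP/1.1."""
    reasons = []
    for cookie in values:
        name = cookie.split("=", 1)[0]
        if COOKIE_PAIR_SEP in cookie:
            reasons.append(
                f"There is a semicolon followed by a space in this cookie: {name}"
            )
    return reasons


if __name__ == "__main__":
    # Constructed sample HTTP/2 cookie fields (names/values are illustrative).
    clean = ["session=abc123", "notification=SGVsbG8="]
    ambiguous = ["session=abc123", "notification=Invalid email address: x; y"]

    for fields in (clean, ambiguous):
        print("HTTP/2 fields :", fields)
        print("HTTP/1.1 form :", join_http1_cookie(fields))
        print("lossless      :", downgrade_is_lossless(fields))
        for reason in kettle_reasons(fields):
            print("kettled       :", reason)
        print()
```

Run stand-alone, the first sample round-trips cleanly, while the second splits into three cookie-pairs after the downgrade, which is exactly the ambiguity the kettle message is guarding against: an HTTP/1.1 rendering of that request would no longer describe the same request.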

Michelle, PortSwigger Agent | Last updated: Jul 16, 2024 12:25PM UTC

Hi, I've just been through this lab and I'm not seeing the same issue with the requests in Repeater. If you're still seeing this issue, can you send some screenshots of the requests you're using in the Repeater tab to support@portswigger.net so we can take a look?
