The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Receiving Kettle Message in Repeater for Request That Shouldn't Be Kettled

vic | Last updated: Jul 15, 2024 01:07AM UTC

Hi,

This would be easier to explain with screenshots, but I will do my best to explain below.

I am working on the "Authentication bypass via encryption oracle" lab for business logic vulnerabilities. I have submitted a comment with an invalid email address to "post?postId=1". When I catch the "POST /post/comment HTTP/2" request in Proxy, I can forward it to be greeted with the following step, which is to request the "GET /post?postID=1 HTTP/2" page. In the response rendered in my browser, I am then able to receive the contents and see the "Invalid email address:" message.

I do the exact same process in Repeater, but the second /post?postID=1 HTTP/2 request is kettled. It states "This request is kettled because: There is a semicolon followed by a space in this cookie: notification".

Based on my research, HTTP/1 requests actually represent multiple cookies using key-value pairs separated by semicolons and spaces in HTTP/1.1. As a result, I think this request can be accurately displayed in HTTP/1.1, and I don't think this kettled message should appear. It is also interesting that the kettle message didn't appear in Proxy for the exact same request as explained above.

I am not absolutely certain about this, as I am currently studying for the BSCP and am no expert, but thought I'd bring it up.

Michelle, PortSwigger Agent | Last updated: Jul 16, 2024 12:25PM UTC