Burp Suite User Forum


Repeater request timeout

hashaam | Last updated: Jun 07, 2020 05:28PM UTC

Hi, I am trying the lab "Web cache poisoning with multiple headers". When I place the cache buster and the X-Forwarded header in the request in Repeater, the request keeps timing out. When I do it without the cache buster and custom header, it goes through fine. I don't understand the reason.

Ben, PortSwigger Agent | Last updated: Jun 08, 2020 10:24AM UTC

Hi, Are you able to send us an email to support@portswigger.net with a screenshot of the request that you are trying to send through Repeater? That way we can see exactly what you are trying to send.

sunny | Last updated: Sep 18, 2020 08:44AM UTC

Hi, I'm having exactly the same problem regarding the labs on web cache poisoning: whenever I add the X-Forwarded-Host header I get 504 Gateway Timeout. So far I had this on: "Lab: Web cache poisoning with multiple headers" and "Lab: Web cache poisoning with an unkeyed header". I checked the videos of Michael Sommer with the solutions on YouTube and I still see the same problem. I tried adding the header to the requests GET /resources/js/tracking.js HTTP/1.1 and GET / HTTP/1.1 and get the 504 timeout error. Could you provide some direction? Thank you SO MUCH for your excellent web academy material! <3

sn1pr0s | Last updated: Sep 18, 2020 01:15PM UTC

I also experience the same issue: Either I get a Gateway Timeout or the request times out and I get no response.

Ben, PortSwigger Agent | Last updated: Sep 22, 2020 09:26AM UTC

Hi, There does appear to be an issue with this lab. Our Web Academy development team hope to release a fix for this by the end of today.

Andre | Last updated: Dec 07, 2020 12:36PM UTC

I am experiencing the same issue today. Has this been investigated? It does work if I add the custom headers outside of BURP, so I am guessing it can be an issue in the version I am using, 2020.11.3. Tried both on Windows (JVM 8) and on Ubuntu (JVM 11). Both behave the same.

Uthman, PortSwigger Agent | Last updated: Dec 07, 2020 03:56PM UTC

Hi Andre, I just tested this lab and you should be able to complete it without any issues. Have you considered taking a look at a video solution on YouTube? Or waiting for the lab to reset (~15 mins) and trying again?

Andre | Last updated: Dec 08, 2020 04:50PM UTC

Hello Mr. Uthman. Thanks for your response. The issue remains despite me moving to a different lab. The issue doesn't seem to be related to the lab environment, but to BURP itself, since I am able to replay the exact same request in OWASP ZAP. I'd really like to understand what the issue is here in order to be able to start using BURP more often. Appreciate any info you can provide as it seems I am not the only person with this issue. Best regards, Andre

Uthman, PortSwigger Agent | Last updated: Dec 08, 2020 05:15PM UTC

Hi Andre, Thanks. We will report this to our academy development team and get back to you with any feedback.

Andre | Last updated: Dec 11, 2020 11:34AM UTC

I found a solution to this. I was removing the 2 extra lines from the request when adding the new header. If I keep them, the requests go through. Hope this info can be helpful to anyone else seeing this. Best, Andre.

Diego | Last updated: Jun 06, 2021 08:36PM UTC

I was having the same issue, but like Andre said above, one of the blank lines of the request had been removed. Adding it back made requests in Repeater work again.

Uthman, PortSwigger Agent | Last updated: Jun 07, 2021 08:32AM UTC

Thanks for your feedback. You can find more information on why this (\r\n\r\n) is required in the RFC documentation: https://datatracker.ietf.org/doc/html/rfc2616#section-5

Osama | Last updated: Feb 23, 2022 12:24PM UTC

The problem with the lab is still not fixed. I was trying to solve the lab on a Windows machine, and Andre's solution did not work for me. If you add your "X-Forwarded-Host: example.com" after the two blank lines, it is not treated as a header, but as a body message. You will get this error: "GET requests cannot contain a body". However, I tried to solve the lab on a Linux machine and it was solved with no problems. I still want to figure out why, but I didn't get an answer. Best, XeRox0x1
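
The two failure modes reported in this thread (a request whose terminating blank line was removed, and a header pasted after the blank line so that it is read as a body), shown as an added example that is not part of the original thread or of Burp Suite. The host lab.example, the cache-buster value and the name diagnose_request are assumptions made for the illustration; the sample requests are constructed.

```python
import re

# A field-name token followed by a colon, i.e. something that looks like a header line.
HEADER_LINE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:")
END_OF_HEADERS = b"\r\n\r\n"  # last header's CRLF plus the empty line


def diagnose_request(raw: bytes) -> list[str]:
    """Return findings for a raw HTTP/1.1 request exactly as it goes on the wire."""
    head, sep, body = raw.partition(END_OF_HEADERS)
    if not sep:
        # No empty line: the receiver keeps waiting for more header lines,
        # so the client sees a hang or a gateway timeout.
        return ["missing-terminator"]
    findings = []
    method = head.split(b" ", 1)[0]
    first_body_line = body.split(b"\r\n", 1)[0]
    if body and HEADER_LINE.match(first_body_line):
        # Text after the empty line is body data, even if it looks like a header.
        findings.append("header-after-blank-line")
    if body and method == b"GET":
        findings.append("get-with-body")
    return findings


# Constructed sample requests (not captured from the lab).
GOOD = (b"GET /?cb=1234 HTTP/1.1\r\nHost: lab.example\r\n"
        b"X-Forwarded-Host: example.com\r\n\r\n")
TRUNCATED = (b"GET /?cb=1234 HTTP/1.1\r\nHost: lab.example\r\n"
             b"X-Forwarded-Host: example.com\r\n")
MISPLACED = (b"GET /?cb=1234 HTTP/1.1\r\nHost: lab.example\r\n\r\n"
             b"X-Forwarded-Host: example.com\r\n")

if __name__ == "__main__":
    for name, req in [("good", GOOD), ("truncated", TRUNCATED), ("misplaced", MISPLACED)]:
        print(name, diagnose_request(req) or "ok")
```

The new header belongs above the empty line, and the empty line itself has to stay at the end of the request.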

Uthman, PortSwigger Agent | Last updated: Feb 23, 2022 12:46PM UTC

@XeRox0x1,

Thanks for the feedback. Can you please send a screen recording of the issue replicated to support@portswigger.net?
