Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

Solution not functional: "Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses"

Derk | Last updated: Sep 16, 2024 02:13PM UTC

The solution provided in the following lab is not functioning correctly: "Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses" After setting the correct host header and ensuring that HTTP 1.1/is set the payload provided in the solution does not result in a solved lab. I encountered this after trying my own solution, which did not work either. I have waited for the lab to reset multiple times but the standard solution and my own soltution never worked. Could someone please confirm whether the lab is bugged or whether I've made a mistake

Ben, PortSwigger Agent | Last updated: Sep 17, 2024 07:19AM UTC

Hi Derk, I have just run through this lab and was able to solve it using the written solution provided so it does appear to be working as expected. Are you able to provide us with a screenshot of the request that you are sending to try and solve this particular lab so that we can see this more clearly?

Derk | Last updated: Sep 17, 2024 11:20AM UTC

Hi Ben, Thank you so much for checking. I tried the same solution with a colleague and it worked for him as well so it must be something unique to me. This lead me to reset my Burp user settings and that solved the issue for me. Afterwards I tried to isolate the issue by reinstalling some of my Burp extensions again. Through this, it seems the OpenAPI Parser extension might be the culprit. When this extension is active, the 404 payload is not triggered. This also happens on my colleague's machine. I think this is an issue with the OpenAPI Parser extension and not Burp, so I may post an issue on their github. The request we sent is (two trailing newlines): ``` POST / HTTP/1.1 Host: 0a4c00f10450f67f802cd1480095009f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=1 0 ``` Again, many thanks. Kind regards, Derk

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.