Burp Suite User Forum

Create new post

Targeted web cache poisoning using an unknown header - strange behaviour with repeater

Matteo | Last updated: Jul 10, 2024 10:30AM UTC

To solve the lab, we have to add the header x-cache. If i intercept the request to the home and add the header with a random value and i send the request, i don't receive any response. If from the repeater inspector, i change to http/2 then again to http/1 and send, the request go correctly and i receive the response The problem happens only using firefox

Matteo | Last updated: Jul 10, 2024 10:31AM UTC

Sorry, the header is x-host, not x-cache :D

Ben, PortSwigger Agent | Last updated: Jul 10, 2024 01:24PM UTC

Hi Matteo, On the face of it, I cannot replicate this behaviour - are you able to email us at support@portswigger.net and include some screenshots of what the request that you are sending looks like so that we can see this more clearly?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.