Burp Suite User Forum

Tutorial (possible issue): HTTP request smuggling, basic TE.CL vulnerability

Morris, | Last updated: Sep 05, 2023 07:22PM UTC

Dear Burp Suite,

No hurry. I'll work on other tutorials. But this one seems to be broken at the moment. In running this tutorial, getting an unexpected error.

HTTP/1.1 400 Bad Request "error":"Read timeout"

1) Per tutorial, protocol set to HTTP/1.
2) Added "\r\n\r\n" after the final '0' of the request.
3) Changed the host to my '0af10098037c176681d6ac1700a000ad' host.
4) Confirmed site still responsive (not timed out).
5) Unchecked 'Update Content-Length'.

Even with all that, and directly copying the text provided as necessary (and again adding "\r\n\r\n"), no luck. Also, definitely takes a long time to process the request. 20 seconds or so?

Thank you for your time and help.

Sincerely, Michael M.

Michelle, PortSwigger Agent | Last updated: Sep 06, 2023 11:24AM UTC

Hi,

We've checked the lab, and it's behaving as we would expect. Can we check a few details on the steps you were taking?

- Did you set HTTP/1 via the Inspector panel?
- When you added \r\n\r\n are these being seen as the actual characters or as non-printable characters? You can enable the display of non-printable characters using the \n button at the top of the message editor panel in Repeater. They should show as non-printable characters as we are making sure the new lines have been added to the end of the request.
- If you follow along with the community solution video can you spot any differences in the steps you're taking to solve the lab?
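
Added example (not part of the original thread and not PortSwigger code): the agent's second question separates typed \r\n characters from real CR LF bytes, and this Python function reports which of the two a raw chunked request ends with. The request bytes and the host example.test are constructed, and trailers after the last chunk are assumed absent.

```python
# Added example: does a chunked HTTP/1.1 body end with real CRLF bytes?
LITERAL = b"\\r\\n"  # four typed characters: backslash, r, backslash, n

# Constructed sample header block (example.test is a placeholder host).
HEAD = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
        b"Transfer-Encoding: chunked\r\n\r\n")


def _unfinished(rest: bytes) -> str:
    # A chunked parser would keep waiting for more bytes in both cases.
    return "literal-escapes" if LITERAL in rest else "incomplete"


def diagnose_chunked_body(raw: bytes) -> str:
    """Return 'complete', 'literal-escapes' or 'incomplete'."""
    _head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "incomplete"  # header block never terminated
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            return _unfinished(body[pos:])  # size line has no real CRLF
        size_field = body[pos:eol].split(b";")[0].strip()
        try:
            size = int(size_field, 16)  # chunk sizes are hexadecimal
        except ValueError:
            return _unfinished(body[pos:eol])
        pos = eol + 2
        if size == 0:
            # Terminating chunk needs one more real CRLF to end the body.
            if body[pos:pos + 2] == b"\r\n":
                return "complete"
            return _unfinished(body[pos:])
        if body[pos + size:pos + size + 2] != b"\r\n":
            return "incomplete"  # chunk data short or missing its CRLF
        pos += size + 2


if __name__ == "__main__":
    samples = {
        "real CRLF bytes": HEAD + b"5\r\nhello\r\n0\r\n\r\n",
        "typed escapes": HEAD + b"5\r\nhello\r\n0" + LITERAL * 2,
        "nothing after 0": HEAD + b"5\r\nhello\r\n0",
    }
    for label, request in samples.items():
        print(f"{label}: {diagnose_chunked_body(request)}")
```

Only the "complete" result ends the body for a parser that honours Transfer-Encoding: chunked; in the other two cases it would still be waiting for the terminating chunk.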
