Burp Suite User Forum

Two exactly same requests in repeater but one fails and the other doesn't

Miebaka | Last updated: Dec 24, 2021 12:26AM UTC

I recently found a SQL injection vulnerability in an app (through a verbose error returned indicative of SQL injection) and tried exploiting it using sqlmap while proxying through Burp Suite. I noticed the connection was getting reset after a while by the app without returning any response to SQLmap's request and I decided to investigate:

1. I sent one of the logged requests that was reset from SQLmap to Burp Repeater and repeated the request, and as expected, the connection was reset without returning any content or response.
2. I decided to copy the payload from that request, as this might be the cause of the connection reset by the app, to another request or tab in Burp Repeater and to my amazement the request succeeded with a response (containing a verbose error indicative of SQL injection) returned.
3. Perplexed by this, I decided to investigate and compare both requests using Burp's Comparer to figure out what might be causing the connection reset, and both requests, to my amazement, were exactly the same.
4. Just to be sure that I'm not crazy, I copied the entire request's content of the request in Burp Repeater that succeeded and replaced that of the one that was met with a connection reset and still, the connection was reset.

I am not entirely sure what's going on, or perhaps, it's something about how Burp's Repeater functions that I am missing. This is pretty interesting and I would like to be educated on what might be going on. Much Thanks!

Uthman, PortSwigger Agent | Last updated: Dec 24, 2021 10:18AM UTC

Hi Miebaka,

Can you please send a screen recording of the issue replicated along with diagnostics (Help > Diagnostics) to support@portswigger.net?

Can you also share the information below?

  • How much time elapsed between the unsuccessful request and the successful one?
  • Are both requests using the same protocol (please double-check this using the Inspector)?
  • Screenshots of the full requests/responses
  • Can you replicate this behavior on any other site?
  • If you relaunch Burp in a new project file and attempt to replicate this again, can you do so successfully?

Miebaka | Last updated: Dec 26, 2021 10:42PM UTC

Hi Uthman,

You were right! After running Wireshark and taking a closer look at both targets in the similar Repeater tabs again, I found out that one was using HTTPS, and the other, HTTP. SQLmap was sending out its request using HTTP even though the saved item from Burp used for the SQLmap exploitation was in HTTPS. I had to use the "--force-ssl" to get SQLmap to run properly. Thank you for the support!
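
An added example, not part of the thread and not PortSwigger's code: a check that two requests with identical bytes are also addressed to the same target, which is the difference found above. It assumes the items were exported with Burp's "Save item" XML layout (`protocol`, `host`, `port` and a base64 `request` element per `item`); the sample items and the host `app.example` are constructed.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample: two saved items whose request bytes are identical
# but whose transport (protocol/port) differs. Host and path are placeholders.
RAW = b"GET /item?id=1 HTTP/1.1\r\nHost: app.example\r\n\r\n"
B64 = base64.b64encode(RAW).decode()
SAMPLE = f"""<items>
  <item><host>app.example</host><port>443</port><protocol>https</protocol>
    <request base64="true">{B64}</request></item>
  <item><host>app.example</host><port>80</port><protocol>http</protocol>
    <request base64="true">{B64}</request></item>
</items>"""


def load_items(xml_text):
    """Return a list of (target_dict, request_bytes), one per <item>."""
    items = []
    for item in ET.fromstring(xml_text).iter("item"):
        req = item.find("request")
        body = (req.text or "").strip()
        raw = base64.b64decode(body) if req.get("base64") == "true" else body.encode()
        target = {k: (item.findtext(k) or "").strip()
                  for k in ("protocol", "host", "port")}
        items.append((target, raw))
    return items


def diff_items(a, b):
    """Compare request bytes first, then the transport fields that are
    not part of the request text and so never show up in a text diff."""
    (ta, ra), (tb, rb) = a, b
    findings = []
    if ra != rb:
        findings.append("request bytes differ")
    for field in ("protocol", "host", "port"):
        if ta[field] != tb[field]:
            findings.append(f"{field}: {ta[field]} != {tb[field]}")
    return findings


if __name__ == "__main__":
    first, second = load_items(SAMPLE)
    for line in diff_items(first, second) or ["no differences"]:
        print(line)
```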

Liam, PortSwigger Agent | Last updated: Jan 04, 2022 08:43AM UTC

Thanks for letting us know!
