Burp Suite User Forum


Unable to get 302 Response

Foo | Last updated: Feb 11, 2022 07:56AM UTC

Currently attempting the "Lab: Response queue poisoning via H2.TE request smuggling" lab. Unable to advance as I am not able to get a 302 response containing the admin's new post-login session cookie even after sending out the requests for 30 minutes straight and repeating the process multiple times.

Ben, PortSwigger Agent | Last updated: Feb 11, 2022 08:41AM UTC

Hi, I have just been able to solve this lab using the solution provided so it does appear to be working (although the nature of the lab itself means that the process itself is not an exact science each time). Are you just receiving 404 responses when you try this?

Foo | Last updated: Feb 14, 2022 04:52AM UTC

Hi Ben, yes, I have only been receiving 404 responses when I attempt this lab with the solution provided.

Ben, PortSwigger Agent | Last updated: Feb 14, 2022 09:39AM UTC

Hi, do you observe the behavior noted in Step 1 of the solution (just to confirm that part of the solution is working)? Do you have details of the request that you are trying to send for Step 3 of the solution (just so we can see exactly what you are sending)? I did run through the lab again this morning and was still able to successfully solve it, so it does still appear to be working (as noted previously, there is an element of trial and error involved to get this to work - I had to use the workaround of sending 10 ordinary requests in order to reset the connection).
