Burp Suite User Forum


Username enumeration via response timing: not getting response using repeater with X-Forwarded-For

Herbert | Last updated: Aug 07, 2021 02:34PM UTC

Hey guys, I'm working on the "enumeration via response timing" lab. When I'm using Repeater to send an X-Forwarded-For, I'm not getting a response. This is my request:

POST /login HTTP/1.1 Host: ace11f691fef2ad580c703dd004a00c5.web-security-academy.net Connection: close Content-Length: 33 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92" sec-ch-ua-mobile: ?0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36 Origin: https://ace11f691fef2ad580c703dd004a00c5.web-security-academy.net Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://ace11f691fef2ad580c703dd004a00c5.web-security-academy.net/login Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: session=6jSvJpIgS6Oyz5v3haB4OZvwJpprt9Jr X-Forwarded-For: 501 username=chivo01&password=chivo01

I'm following Michael Sommer's walkthrough and he got a response. Any recommendations?

Ben, PortSwigger Agent | Last updated: Aug 09, 2021 10:40AM UTC

Hi Herbert, Just to confirm, are you getting no response at all or a different response status than you are expecting? In addition, do you have a line space between the last header and the body of your request when you are issuing it?
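
The framing check raised in the reply above (a blank line between the last header and the body), written out as an added example; it is not part of the original thread and is not PortSwigger code. The function name `check_raw_request` and the host `lab.example` are assumptions, and the sample requests are constructed from the header and body values in the post.

```python
import re

# RFC 9110 field-name token followed by a colon
HEADER_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+:")

def check_raw_request(raw: str) -> list:
    """Return the framing problems found in a raw HTTP/1.1 request (empty list = none)."""
    problems = []
    text = raw.replace("\r\n", "\n")
    head, sep, body = text.partition("\n\n")
    headers = head.split("\n")[1:]  # element 0 is the request line
    if not sep:
        problems.append("no blank line between the last header and the body")
        # Without the separator, a trailing non-header line is most likely the body.
        if headers and not HEADER_RE.match(headers[-1]):
            body = headers.pop()
            problems.append("body line sits inside the header block")
    declared = None
    for line in headers:
        if not HEADER_RE.match(line):
            problems.append(f"malformed header line: {line!r}")
        elif line.lower().startswith("content-length:"):
            value = line.split(":", 1)[1].strip()
            if value.isdigit():
                declared = int(value)
            else:
                problems.append(f"non-numeric Content-Length: {value!r}")
    actual = len(body.encode())
    if declared is not None and declared != actual:
        problems.append(f"Content-Length is {declared} but body is {actual} bytes")
    return problems

# Constructed samples: same body and X-Forwarded-For value as the post, placeholder host.
BODY = "username=chivo01&password=chivo01"
HEADERS = ("POST /login HTTP/1.1\r\n"
           "Host: lab.example\r\n"
           "Content-Type: application/x-www-form-urlencoded\r\n"
           "Content-Length: 33\r\n"
           "X-Forwarded-For: 501\r\n")
GOOD = HEADERS + "\r\n" + BODY                        # header added above the blank line
NO_BLANK = HEADERS + BODY                             # header pasted directly above the body
STALE_LENGTH = HEADERS.replace("33", "30") + "\r\n" + BODY

if __name__ == "__main__":
    for name, req in (("GOOD", GOOD), ("NO_BLANK", NO_BLANK), ("STALE_LENGTH", STALE_LENGTH)):
        print(name, check_raw_request(req) or "ok")
```

A request without the separator never completes its header section from the server's point of view, so the server keeps waiting for more headers and the client sees no response until a timeout.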
