Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Web cache poisoning via ambiguous requests

Pablo | Last updated: Aug 24, 2023 12:38AM UTC

Hello! I'm trying to solve the lab "Web cache poisoning via ambiguous requests", but when I send the request: GET /?cb=123 HTTP/1.1 Host: 0acd0096031d9194836bfbf000b1009a.h1-web-security-academy.net Host: abcd1234 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="104" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "Windows" Referer: https://portswigger.net/ Accept-Encoding: gzip, deflate Accept-Language: es-ES,es;q=0.9 Connection: close The response is: HTTP/1.1 403 Forbidden Content-Type: text/html; charset=utf-8 Connection: close Content-Length: 109 <html><head><title>Client Error: Forbidden</title></head><body><h1>Client Error: Forbidden</h1></body></html> I have no extensions, the protocol is HTTP/1.1 and I also try to change the order of the hosts, but it doesn't work. Why I get this error? Thank you :)

Dominyque, PortSwigger Agent | Last updated: Aug 24, 2023 10:27AM UTC

Hi Did you watch and follow the community solution video we have for that lab? Is it still unsolvable?

Pablo | Last updated: Aug 24, 2023 03:13PM UTC

Yes, I watched the community solution and I followed every step but the lab is still unsolvable.

Pablo | Last updated: Aug 25, 2023 01:08AM UTC

Solved! The problem was in the request sent to the Repeater. There was no cookie. I solved clicking in the "Home" button and then sending this last request to the Repeater. Thank you for your help!

Dominyque, PortSwigger Agent | Last updated: Aug 25, 2023 07:17AM UTC

Hi Pablo Thank you for adding how you were able to solve the lab to the thread! Much appreciated.

mohamed | Last updated: Aug 02, 2024 08:28PM UTC

same issue i have stucked in for more than 2 hours :DDDDDD but thanks pablo i have solved it Pablo u still there ? wanna contact +201552568233 whatsapp

mohamed | Last updated: Aug 02, 2024 08:28PM UTC