Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Web cache poisoning via ambiguous requests

andrew | Last updated: May 31, 2022 06:16AM UTC

Currently the lab can't be completed since _lab and session cookies have the Httponly flag when the lab is first loaded. The alert(document.cookie) will never fire correctly.

Michelle, PortSwigger Agent | Last updated: May 31, 2022 01:33PM UTC

Thanks for your message. We have checked the lab and the alert(document.cookie) is firing correctly when we use the supplied solution. Are you still having issues with this lab?

Long | Last updated: Jun 01, 2022 10:09AM UTC

Dear Michelle, I still cannot complete this lab even alert(document.cookie) fires ok. I tried look at the access logs of exploit server and i think may be because of the user never visits the site's home page.

Long | Last updated: Jun 01, 2022 10:09AM UTC

Dear Michelle, I still cannot complete this lab even alert(document.cookie) fires ok. I tried look at the access logs of exploit server and i think may be because of the user never visits the site's home page.

Michelle, PortSwigger Agent | Last updated: Jun 01, 2022 10:43AM UTC

Thanks for your message. When we tested the lab here we were able to solve it using the steps given in the solution, can you tell us a bit more about the steps you're taking, please? If it's easier to describe them using screenshots then feel free to send an email to support@portswigger.net

Long | Last updated: Jun 01, 2022 12:58PM UTC

Thank you so much for support. I leave the lab for few hours, and comeback tried to solve and my method worked fines and the lab was solved. To be honest, i don't really understand why in the past it isn't work.

Carson | Last updated: Jul 30, 2024 08:11PM UTC

Same issue going on still

Carson | Last updated: Jul 30, 2024 08:15PM UTC

In your other response you say to list the steps completed, I followed the solution provided by Portswigger and am encountering the issue where the user never visits the home page

Michelle, PortSwigger Agent | Last updated: Jul 31, 2024 01:05PM UTC