Burp Suite User Forum


Web cache poisoning with an unkeyed header

Flying.Dudu | Last updated: Aug 24, 2020 12:40PM UTC

Hi there. Sorry to bother you. I have tried to finish the lab "Web cache poisoning with an unkeyed header" but couldn't do it. First, after adding the X-Forwarded-Host header in Burp Repeater, I cannot receive any response in Burp (it times out even when I set the timeout to 999). So I tried to use Python with the header from your solution: X-Forwarded-Host: your-exploit-server-id.web-security-academy.net. And finally, when I visit "your-exploit-server-id.web-security-academy.net", the web content does have the necessary .js file with the correct path: <script type="text/javascript" src="//your-exploit-server-id.web-security-academy.net/resources/js/tracking.js"></script> But the alert does not appear, and there is also no "solved" hint. I would very much appreciate it if you could help.

Michelle, PortSwigger Agent | Last updated: Aug 24, 2020 02:48PM UTC

Hi, there are no current issues with the lab; you should be able to solve it just by following the steps in the solution rather than needing to use Python. Have another try and let us know how you get on!

Flybodu | Last updated: Aug 25, 2020 02:36AM UTC

Thank you for your reply; however, I still cannot solve this task with Burp. Step 5 of the solution says: "Observe that the X-Forwarded-Host header has been used to dynamically generate an absolute URL for importing a JavaScript file stored at /resources/js/tracking.js." Following step 5, after I add the X-Forwarded-Host header (no matter what domain: example.com, test.com or others) to the GET request, I cannot receive any response at all. The event log continues to report: "Timeout in transmission from THE-LAB-ID.web-security-academy.net". In the comments on this video, others seem to have the same problem: https://www.youtube.com/watch?v=ZsrCoheszzo

Michelle, PortSwigger Agent | Last updated: Aug 25, 2020 09:17AM UTC

Does your request get a response from the lab if you don't add the X-Forwarded-Host header? If so, it might be worth checking how many lines there are after the header in the request you create with the X-Forwarded-Host header, to make sure the request is in a valid format. Let us know how you get on!
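
The point in the reply above is that a raw HTTP/1.1 request is only complete once the header block ends with an empty line (CRLF CRLF); if that line is lost while pasting a header into Repeater, the server keeps waiting for more headers and the client reports a timeout. The following is an added example, not code from PortSwigger or the lab: it builds such a request, checks it for the mistakes a server would trip on, and uses a toy cache keyed only on Host and path to show why X-Forwarded-Host is "unkeyed" and how the poisoned script URL from step 5 reaches a victim. The hostnames, the `render_page` origin logic and the cache are simplified placeholders.

```python
# Added example (not the lab's or PortSwigger's code). Hostnames are placeholders;
# the origin and cache below are toy models of the behaviour the lab describes.

CRLF = "\r\n"


def build_request(host, path, extra_headers=None):
    """Build a raw GET request; the header block must end with an empty line."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}"]
    for name, value in (extra_headers or {}).items():
        lines.append(f"{name}: {value}")
    return CRLF.join(lines) + CRLF + CRLF


def check_request(raw):
    """Return the problems a server would trip on; an empty list means well formed."""
    problems = []
    if not raw.endswith(CRLF + CRLF):
        # Without the terminating empty line the server waits for more header
        # lines and the client eventually reports a timeout.
        problems.append("header block not terminated by an empty line")
    head = raw.split(CRLF + CRLF, 1)[0].rstrip("\r\n")
    lines = head.split(CRLF)
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        problems.append(f"bad request line: {lines[0]!r}")
    for line in lines[1:]:
        if not line or ":" not in line or line[0] in " \t":
            problems.append(f"bad header line: {line!r}")
    if "\n" in head.replace(CRLF, ""):
        problems.append("bare LF inside header block")
    return problems


def parse_request(raw):
    """Server-side view of the bytes so far: None while the header block is incomplete."""
    if CRLF + CRLF not in raw:
        return None
    head = raw.split(CRLF + CRLF, 1)[0]
    request_line, *header_lines = head.split(CRLF)
    method, path, _version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}


def render_page(req):
    """Toy origin: X-Forwarded-Host (if present) builds the absolute script URL."""
    script_host = req["headers"].get("x-forwarded-host", req["headers"]["host"])
    return (f'<script type="text/javascript" '
            f'src="//{script_host}/resources/js/tracking.js"></script>')


def cache_key(req):
    """Toy cache key: method, Host and path only. X-Forwarded-Host is unkeyed."""
    return (req["method"], req["headers"]["host"], req["path"])


class ToyCache:
    """Serves a stored response to every request that shares a cache key."""

    def __init__(self):
        self.store = {}

    def fetch(self, raw):
        req = parse_request(raw)
        key = cache_key(req)
        if key not in self.store:
            self.store[key] = render_page(req)
        return self.store[key]


def demo():
    lab = "LAB-ID.web-security-academy.net"               # placeholder
    evil = "EXPLOIT-SERVER-ID.web-security-academy.net"   # placeholder
    cache = ToyCache()
    attacker = build_request(lab, "/", {"X-Forwarded-Host": evil})
    victim = build_request(lab, "/")
    cache.fetch(attacker)                      # poisons the cache entry for "/"
    served_to_victim = cache.fetch(victim)     # victim sent no X-Forwarded-Host
    truncated = attacker[:-2]                  # header block missing its empty line
    return {
        "attacker_problems": check_request(attacker),
        "victim_gets_evil": evil in served_to_victim,
        "same_key": cache_key(parse_request(attacker)) == cache_key(parse_request(victim)),
        "truncated_problems": check_request(truncated),
        "truncated_parsed": parse_request(truncated),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `check_request` on the request you paste into Repeater is the quick test for the timeout in this thread: a single missing empty line is reported as "header block not terminated by an empty line", and `parse_request` returns None for the same bytes because a server never sees the end of the headers.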

Flybodu | Last updated: Aug 25, 2020 09:38AM UTC

Ahh!! Really appreciate it! This helped a lot! One little suggestion: maybe it's because I am so stupid, but it might be better to mention this in the solution.
