What is the use of X-Ignore HTTP header?

Janith | Last updated: Sep 22, 2022 01:48AM UTC

I'm trying to solve the "HTTP request smuggling, confirming a CL.TE vulnerability via differential responses" lab, and the answer shows the use of an X-Ignore header, without which the exploit won't work. I tried but couldn't understand what the use of this header is.

Ben, PortSwigger Agent | Last updated: Sep 22, 2022 10:45AM UTC

Hi Janith,

It is not the header in the smuggled request that is important, as such, it is the fact that the last two lines of the request are treated by the back-end server as belonging to a new request, which subsequently causes issues.

You can use anything here in order to elicit the same outcome, as shown in the screenshot below:

https://pasteboard.co/95MnIBmvBSho.png

The 'Confirming CL.TE vulnerabilities using differential responses' section of the learning materials, below, provides some more details on this:

https://portswigger.net/web-security/request-smuggling/finding
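The parsing behaviour described in the reply above, as an added example that is not part of the thread or of PortSwigger's materials: an offline model of how a back-end that honours Transfer-Encoding splits the bytes it receives, showing that the unterminated header line absorbs the next request's request line whatever the header is called. The host `lab.example`, the paths `/missing` and `/search`, and the helpers `backend_split` and `backend_view` are assumptions made for illustration; the traffic is constructed and only parsed locally.

```python
CRLF = b"\r\n"

def backend_split(stream: bytes):
    """Split a connection's bytes into (request_line, headers) pairs the way a
    back-end that prefers Transfer-Encoding: chunked over Content-Length would."""
    requests, pos = [], 0
    while pos < len(stream):
        head_end = stream.index(CRLF * 2, pos)
        lines = stream[pos:head_end].split(CRLF)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode()] = value.strip().decode()
        pos = head_end + 4
        if headers.get("transfer-encoding", "").lower() == "chunked":
            while True:  # consume chunks up to and including the zero-size chunk
                eol = stream.index(CRLF, pos)
                size = int(stream[pos:eol], 16)
                pos = eol + 2 + size + 2
                if size == 0:
                    break
        else:
            pos += int(headers.get("content-length", "0"))
        requests.append((lines[0].decode(), headers))
    return requests

def backend_view(header_name: str):
    """Build constructed sample traffic and return what the back-end parses.
    The front-end is assumed to frame the first request by Content-Length,
    so it forwards the whole body, including the bytes after the 0 chunk."""
    body = (b"0\r\n\r\n" + b"GET /missing HTTP/1.1\r\n"
            + header_name.encode() + b": X")  # last line has no CRLF
    first = (b"POST / HTTP/1.1\r\nHost: lab.example\r\n"
             b"Content-Length: " + str(len(body)).encode() + CRLF
             + b"Transfer-Encoding: chunked\r\n\r\n" + body)
    following = (b"POST /search HTTP/1.1\r\nHost: lab.example\r\n"
                 b"Content-Length: 3\r\n\r\nq=a")  # the next, ordinary request
    return backend_split(first + following)

if __name__ == "__main__":
    for name in ("X-Ignore", "Anything"):
        for request_line, headers in backend_view(name):
            print(request_line, headers)
```

In both runs the back-end sees two requests, and the second one carries the following request's `POST /search HTTP/1.1` line inside the value of the trailing header, so that request line never starts a request of its own.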

