Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

New lab: Exploiting HTTP request smuggling to capture other users' requests

Luca Chiaverini Aug 13, 2019 02:58PM UTC

Hi and sorry for bothering again.
I am not able to complete the lab in the subject after following the lab solution.
As far as I understand, there should be "another user" accessing the blog comments page, whose session cookie should be captured thank you to my previous "smuggled" request.
I wait for several minutes, but when I refresh the page, the only credentials that are captured are mine. I send my smuggled request only once, and not twice as in the other exercises, as I understand that the second request is the one from the other user "bot".
Is this correct?

Thank you in advance,
Luca


Luca Chiaverini Aug 14, 2019 10:29AM UTC
Update: I've been able to play with time and content length enough to get the other user session cookie, but when I replace my session cookie with the captured one, the lab is still not marked as solved. Do I have to access a specific page?

Thanks

Luca Chiaverini Aug 14, 2019 11:11AM UTC
Update: I was able to submit the session cookie, then I restarted the lab from scratch and the whole process went smoother. It can be me or this lab is a bit temperamental :)

Liam Tai-Hogan Aug 14, 2019 01:12PM UTC Support Center agent

Thanks for letting us know Luca.


Luca Chiaverini Aug 14, 2019 02:04PM UTC
As a very last request, I'm completely stuck on the very last lab: Web Cache Deception.
I cannot find a way to get an API key different from the one that is already accessible with the given user - and that key is not accepted as solution for the lab.
I'm not entirely sure which key I should suppose to retrieve, another bot?
Can you please help me on this last lab?

Cheers
Luca

Post Your public answer

Your name
Your email address
Answer