Burp Suite User Forum

Lab: Exploiting HTTP request smuggling to perform web cache deception (Solution incorrect)

| Last updated: Nov 26, 2019 06:57AM UTC

The solution for Lab: Exploiting HTTP request smuggling to perform web cache deception is INCORRECT. The Lab appears to be updated and is not using the /apiKey function anymore. Instead it is replaced with /my-account which has an update email address function /my-account/change-email. I have tried the original solution, and changed the /apiKey with /my-account. I have also tried using a double carriage-return after the X-Ignore: X, which produces some interesting results. However, I cannot for the life of me solve the updated solution. Please help or update the Solution appropriately.

Burp User | Last updated: Nov 26, 2019 07:06AM UTC

Also, not sure if this is an issue: the GET /academyLabHeader HTTP/1.1 is returning an HTTP/1.1 404 Not Found.

Burp User | Last updated: Nov 26, 2019 07:49AM UTC

OK - I finally solved it, but I am not sure it is the "intended" way. I used the following with no success for ages.

    POST / HTTP/1.1
    Host: xxx-your-lab-id-xxx.web-security-academy.net
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 42
    Transfer-Encoding: chunked

    0

    GET /my-account HTTP/1.1
    X-Ignore: X

I then added 3 additional CRLF after the X-Ignore: X and submitted several times. This definitely caused the request to be smuggled and caused some interesting results. I then reverted back to the above request and submitted several times in Repeater. It was the Repeater results in the Burp Search for "POST /" that eventually returned the API Key....weird! Other people have reported that refreshing the /login page might work and return the results in the /resources/css/labs.css although that did not work for me.
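
Added example, not part of the thread or of PortSwigger's solution: a defender-side check that flags a request carrying both Content-Length and Transfer-Encoding and reports the bytes that lie inside the declared Content-Length but after the end of the chunked body, run on the request quoted in the post above. The host name `lab.example` and all function names are assumptions made for the example.

```python
CRLF = b"\r\n"

# Constructed sample: the request quoted in the post, with a placeholder host.
SAMPLE = CRLF.join([
    b"POST / HTTP/1.1", b"Host: lab.example",
    b"Content-Type: application/x-www-form-urlencoded",
    b"Content-Length: 42", b"Transfer-Encoding: chunked", b"",
    b"0", b"",
    b"GET /my-account HTTP/1.1", b"X-Ignore: X",
])

def split_head(raw):
    # Returns ({lowercased header name: [values]}, body bytes).
    head, _, body = raw.partition(CRLF + CRLF)
    headers = {}
    for line in head.split(CRLF)[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def chunked_end(body):
    """Offset just past the terminating zero-size chunk, or None if malformed."""
    pos = 0
    while True:
        eol = body.find(CRLF, pos)
        if eol < 0:
            return None
        size_field = body[pos:eol].split(b";")[0].strip()
        if not size_field or any(c not in b"0123456789abcdefABCDEF" for c in size_field):
            return None
        size, pos = int(size_field, 16), eol + 2
        if size == 0:
            while True:  # skip optional trailer fields up to the empty line
                eol = body.find(CRLF, pos)
                if eol < 0: return None
                if eol == pos: return pos + 2
                pos = eol + 2
        pos += size + 2  # chunk data plus its trailing CRLF

def analyze(raw):
    """Flag CL+TE requests; report bytes within Content-Length but past the chunked end."""
    headers, body = split_head(raw)
    cl = headers.get(b"content-length", [])
    te = headers.get(b"transfer-encoding", [])
    result = {"ambiguous": bool(cl and te), "leftover": b""}
    if result["ambiguous"] and b"chunked" in te[-1].lower() and cl[0].isdigit():
        end = chunked_end(body)
        if end is not None and end < int(cl[0]):
            result["leftover"] = body[end:int(cl[0])]
    return result
```

A non-empty `leftover` is the part of the body that a length-based parser forwards and a chunked parser treats as the start of the next request; RFC 7230 section 3.3.3 says a message with both headers ought to be handled as an error.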

Ben, PortSwigger Agent | Last updated: Nov 26, 2019 09:15AM UTC

Hi Andrew, Thank you for your message. You are correct. We have recently changed some of the Web Academy infrastructure and the solutions are slightly out of sync with the changes that have been made. We are working hard to provide updates to the listed solutions but this will take some time. I was able to complete the lab by changing the smuggled GET request to use my-account instead of apiKey so that should work. It is also worth noting that the solutions provided are only one way of completing the labs so you should feel free to experiment with other approaches to see if they also work.

jnar | Last updated: Apr 22, 2021 07:46PM UTC

Hi, I cannot solve this lab. With the solution provided it keeps redirecting me to the /login page; it never gives me a 401 message! Kindly advise. Thank you.

jnar | Last updated: Apr 23, 2021 06:34AM UTC

Hi, I made it and solved the lab. Thank you.

Michelle, PortSwigger Agent | Last updated: Apr 23, 2021 07:35AM UTC

Good work :) I hope you enjoy the rest of the labs!

geffifi | Last updated: Jun 24, 2021 06:21AM UTC

Hi, I cannot solve this lab. With the solution provided it keeps redirecting me to the /login page; it never gives me a 401 message! Kindly advise. Thank you.

Michelle, PortSwigger Agent | Last updated: Jun 24, 2021 02:22PM UTC

Have you tried following the video in the Community Solutions section? The videos provided by other users in our community can sometimes help to explain the steps that need to be taken. I hope that helps :)

geffifi | Last updated: Jun 24, 2021 06:09PM UTC

Yeah, I tried but could not. Thank you.

Michelle, PortSwigger Agent | Last updated: Jun 25, 2021 07:16AM UTC

Can you describe the steps you are taking to try and solve the lab, please?
