PortSwigger / http-request-smuggler

https://portswigger.net/blog/http-desync-attacks

Smuggle Probe Fails To Detect the Vulnerability on Basic Web Academy Lab #52

Closed FahadSec closed 2 years ago

FahadSec commented 2 years ago

I have Burp Suite Professional Version 2022.5.2 on Mac OS.

I attempted to test the HTTP Request Smuggler Probe on the PortSwigger Web Academy Request Smuggler Lab 1: "HTTP request smuggling, basic CL.TE vulnerability", but the extension failed to detect it. I tried unloading all my extensions and it still didn't work.

Attached the request logs.

smuggler_logs.csv

albinowax commented 2 years ago

Thanks for the report, this was really useful. I've investigated and found an issue with the lab which has now been resolved, so you should find this works now.

FahadSec commented 2 years ago

I can confirm it works now. Thank you.

Also I'm not sure if this behavior is intended, but I was only notified about the vulnerability through the Target section. The output in the extender tab said there are 0 findings.

Using albinowaxUtils v1.03
This extension should be run on the latest version of Burp Suite. Using an older version of Burp may cause impaired functionality.
Loaded HTTP Request Smuggler v2.03
Updating active thread pool size to 8
Loop 0
Queued 1 attacks from 1 requests in 0 seconds
Unexpected report with response
Completed 0a0000fd04f27257c05af7e800ef000c.web-security-academy.net: 1 of 1 in 33 seconds with 25 requests, 0 candidates and 0 findings

albinowax commented 2 years ago

Good to hear it's fixed. Yeah those stats are not very accurate, nothing to worry about.