HTTP Attacks - HTTP Response Splitting

I’ am stuck for several days on HTTP Response Splitting section. I tried everything with Burp and many times URL encoding. I tried all the tricks from module "Cross-Site Scripting (XSS), even with xsstrike.py etc. But no success. Please help.

hello bro Is there any progress? I’m stuck at the same place.

No sorry, I skipped this question for now

okey you will let me figure out the question

I finished now the module HTTP Attacks except for “HTTP Response Splitting”. ???

Hopefully this will help and won’t be considered spoiler.

Firstly, you should craft your payload with the “target” GET parameter and only then try to pwn the admin.

Look at the headers you get back, there’s a new one that was not present in the example’s response.
How does it change the browser behavior? How can you bypass it or force your way over it? (:

btw I got some issues with Firefox, maybe try your payloads with other browsers as well

Thanks a lot. I noticed the difference and saw that the response did not handle the html code in the right way. (Pretty was grey). With your remarks I managed to bypass this.
I ran into the same problem using Firefox. With Chromium it was solved…
now finding the admin user’s cookie…

The webpage does not have any cookies!!! ???

Still stuck. Please anyone for a hint?

Did you figure it out? I did not, so if you are let me know please.

there is a log function on the website you can use to grab the cookie by putting it on a get request parameter :slight_smile: