Burp suite problem in server request

ADORE · May 1, 2024, 3:09pm

Hii,
I have a question that i do not understand.plase help

i was solving a ctf challenges using burp suite.when i try to send post or get request to server with login credentials

POST /post.php HTTP/1.1
Host: 165.227.106.113
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 42

username=admin&password=71urlkufpsdnlkadsf

the server did not show me the flag BUT
When i try using curl command
curl “http://165.227.106.113/post.php” -d “username=admin&password=71urlkufpsdnlkadsf”

it show me the flag
Do you know why???

c0rruptm3.dll · May 1, 2024, 7:20pm

Is there any chance you can show the response from burp suite?

0xf00I · May 1, 2024, 8:59pm

Your requests seem fine. Just make sure that when you capture and send them to the Repeater, you check non-printable characters (\n). Each line in the response usually ends with \r\n , indicating a return followed by a new line, so keep that in mind.

See :
Burp Suite: Repeater

ADORE · May 2, 2024, 12:56am

This is the response

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 02 May 2024 00:48:52 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.22
Content-Length: 118

<h1>This site takes POST data that you have not submitted!</h1><!-- username: admin | password: 71urlkufpsdnlkadsf -->

system · September 6, 2024, 10:12pm

This topic was automatically closed after 128 days. New replies are no longer allowed.