The curl quirk that exposed Burp Suite & Google Chrome

March 28, 2023, 1:13 p.m. |

In this post, we'll explore a little-known feature in curl that led to a local-file disclosure vulnerability in both Burp Suite Pro, and Google Chrome. We patched Burp Suite a while back, but suspect

amp back burp burp suite chrome curl disclosure exposed file google google chrome led local pro vulnerability

Visit resource

More from portswigger.net / PortSwigger Research

Making Desync attacks easy with TRACE 1 month ago | portswigger.net

attacks can constraints easy +8

Using form hijacking to bypass CSP 1 month, 2 weeks ago | portswigger.net

bypass can configuration csp +6

Top 10 web hacking techniques of 2023 2 months ago | portswigger.net

community hacking identify research +7

Hiding payloads in Java source code strings 3 months ago | portswigger.net

abuse can code conceal +5

Top 10 web hacking techniques of 2023 - nominations open 3 months, 2 weeks ago | portswigger.net

blog blog posts community hacking +8

Finding that one weird endpoint, with Bambdas 4 months, 1 week ago | portswigger.net

act balancing act concepts endpoint +6

Blind CSS Exfiltration: exfiltrate unknown web pages 4 months, 2 weeks ago | portswigger.net

css discover exfiltration gif +3

The single-packet attack: making remote race-conditions 'local' 6 months ago | portswigger.net

attack conditions effectively http +10

How to build custom scanners for web security research automation 6 months, 3 weeks ago | portswigger.net

aid attack automation build +8

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Audit and Compliance Technical Analyst

@ Accenture Federal Services | Washington, DC

View on infosec-jobs.com

ICS Cyber Threat Intelligence Analyst

@ STEMBoard | Arlington, Virginia, United States

View on infosec-jobs.com

Cyber Operations Analyst

@ Peraton | Arlington, VA, United States

View on infosec-jobs.com

Cybersecurity – Information System Security Officer (ISSO)

@ Boeing | USA - Annapolis Junction, MD

View on infosec-jobs.com

Network Security Engineer I - Weekday Afternoons

@ Deepwatch | Remote

View on infosec-jobs.com

View more jobs

all InfoSec news

The curl quirk that exposed Burp Suite & Google Chrome

More from portswigger.net / PortSwigger Research

Jobs in InfoSec / Cybersecurity

SOC 2 Manager, Audit and Certification

Security Audit and Compliance Technical Analyst

ICS Cyber Threat Intelligence Analyst

Cyber Operations Analyst

Cybersecurity – Information System Security Officer (ISSO)

Network Security Engineer I - Weekday Afternoons

all InfoSec news

The curl quirk that exposed Burp Suite &amp; Google Chrome

More from portswigger.net / PortSwigger Research

Jobs in InfoSec / Cybersecurity

SOC 2 Manager, Audit and Certification

Security Audit and Compliance Technical Analyst

ICS Cyber Threat Intelligence Analyst

Cyber Operations Analyst

Cybersecurity – Information System Security Officer (ISSO)

Network Security Engineer I - Weekday Afternoons

The curl quirk that exposed Burp Suite & Google Chrome