Burp Suite User Forum

Create new post

Browser header sec-ch-ua is empty causing all requests to be blocked

Allan | Last updated: Jul 13, 2023 10:22PM UTC

Just installed Burp Pro v2023.6.2 Opened Browser and every request to my company's sites are rejected. We use a WAF that blocks requests containing empty header values. The header being sent with no value is sec-ch-ua. Is there a way to launch Browser with --disable-features=UserAgentClientHint, assuming Chrome still supports disabling user agent client hints?

Dominyque, PortSwigger Agent | Last updated: Jul 14, 2023 09:57AM UTC

Hi Allan Thank you for bringing this to our attention; it seems this has only been an issue in the newer versions. I have created a bug ticket for it and will update this thread when a fix goes live. In the meantime, you can manually change this by heading to Settings> Tools> Proxy. Under 'Match and replace rules, you can add the SEC-CH-UA information. You cannot change the flags used to launch the embedded browser within Burp.

Michelle, PortSwigger Agent | Last updated: Oct 30, 2023 01:07PM UTC

Hi If you test this in the latest version of Burp, you should no longer see the issue. If you do have any problems, though, please let us know.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.