Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Browser receives "HTTP/1.0 200 Connection established" from BURP which received "HTTP/1.1 404 Not Found"

Ilguiz | Last updated: May 12, 2020 04:43AM UTC

Browser sends, CONNECT ...127.0.0.1:8080.... in order to POST /libs/granite/core/content/login.html/j_security_check to a site https://www.XXXX.ca Browser network console shows, Version: HTTP/1.0 Referrer Policy: no-referrer-when-downgrade Host: www.XXXX.ca User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 67 Origin: https://www.XXXX.ca DNT: 1 Connection: keep-alive Referer: https://www.XXXX.ca/libs/granite/core/content/login.html?resource=%2Fcontent%2FYYYY%2Fen_CA%2FZZZZ%2F.children.json&$$login$$=%24%24login%24%24&j_reason=unknown&j_reason_code=unknown Cookie: AMCV_37...%7C4.4.0; _gcl_au=1.1.585...07; ...=2; s_vnum=15...%3D5; AMCVS_37...%40AdobeOrg=1; check=true; wz_svgmcv_idnum=92...92_5; s_cc=true; AWSELB=67...A9; AWSELBCORS=67...A9 BURP shows, POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1 Host: www.XXXX.ca User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 67 Origin: https://www.XXXX.ca DNT: 1 Connection: close Referer: https://www.XXXX.ca/libs/granite/core/content/login.html?resource=%2Fcontent%2FYYYY%2Fen_CA%2FZZZZ%2F.children.json&$$login$$=%24%24login%24%24&j_reason=unknown&j_reason_code=unknown Cookie: AMCV_37...; AWSELB=67...A9; AWSELBCORS=67...A9 _charset_=utf-8&j_username=author&j_password=author&j_validate=true BURP receives (as the proxy interceptor and proxy history show), HTTP/1.1 404 Not Found Accept-Ranges: bytes Content-Type: text/html; charset=UTF-8 ETag: "150a1-5a565cc81a1a2-gzip" Last-Modified: Mon, 11 May 2020 21:12:04 GMT Server: Apache Strict-Transport-Security: max-age=63072000; includeSubdomains; preload Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Dispatcher: dispatcher1cacentral1 X-Frame-Options: SAMEORIGIN X-Vhost: publish Content-Length: 86177 Date: Tue, 12 May 2020 04:28:19 GMT Connection: close <!DOCTYPE html> <html class="no-js" lang="en"> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> but browser shows this coming from BURP, HTTP/1.0 200 Connection established Accept-Ranges: bytes Content-Type: text/html; charset=UTF-8 ETag: "150a1-5a565cc81a1a2-gzip" Last-Modified: Mon, 11 May 2020 21:12:04 GMT Server: Apache Strict-Transport-Security: max-age=63072000; includeSubdomains; preload Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Dispatcher: dispatcher1cacentral1 X-Frame-Options: SAMEORIGIN X-Vhost: publish Content-Length: 86177 Date: Tue, 12 May 2020 04:28:19 GMT Connection: close This is Firefox 77.0b4. I don't understand why Firefox shows HTTP/1.0 when sending and HTTP/1.0 200 Connection established. Perhaps this is what it detects and receives from BURP's CONNECT proxy? I am fine with the browser's having to change the original POST request to a POST in CONNECT ..., but I wonder if at least the response code from the web application (404) should reflect in the browser? Perhaps, this is a bug in the browser's proxy client code?

Uthman, PortSwigger Agent | Last updated: May 12, 2020 08:26AM UTC

Can you send us further details and steps to replicate via email? A screen recording would be helpful too. support@portswigger.net What settings have you configured under Proxy > Options > Miscellaneous? Does the browser show HTTP/1.0 when your traffic is proxied through Burp? Or is that what a 'normal' connection looks like? Do you notice any differences when using a different browser?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.