Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Browser receives "HTTP/1.0 200 Connection established" from BURP which received "HTTP/1.1 404 Not Found"

Ilguiz | Last updated: May 12, 2020 04:43AM UTC

Browser sends, CONNECT ...127.0.0.1:8080.... in order to POST /libs/granite/core/content/login.html/j_security_check to a site https://www.XXXX.ca Browser network console shows, Version: HTTP/1.0 Referrer Policy: no-referrer-when-downgrade Host: www.XXXX.ca User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 67 Origin: https://www.XXXX.ca DNT: 1 Connection: keep-alive Referer: https://www.XXXX.ca/libs/granite/core/content/login.html?resource=%2Fcontent%2FYYYY%2Fen_CA%2FZZZZ%2F.children.json&$$login$$=%24%24login%24%24&j_reason=unknown&j_reason_code=unknown Cookie: AMCV_37...%7C4.4.0; _gcl_au=1.1.585...07; ...=2; s_vnum=15...%3D5; AMCVS_37...%40AdobeOrg=1; check=true; wz_svgmcv_idnum=92...92_5; s_cc=true; AWSELB=67...A9; AWSELBCORS=67...A9 BURP shows, POST /libs/granite/core/content/login.html/j_security_check HTTP/1.1 Host: www.XXXX.ca User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 Accept: */* Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 67 Origin: https://www.XXXX.ca DNT: 1 Connection: close Referer: https://www.XXXX.ca/libs/granite/core/content/login.html?resource=%2Fcontent%2FYYYY%2Fen_CA%2FZZZZ%2F.children.json&$$login$$=%24%24login%24%24&j_reason=unknown&j_reason_code=unknown Cookie: AMCV_37...; AWSELB=67...A9; AWSELBCORS=67...A9 _charset_=utf-8&j_username=author&j_password=author&j_validate=true BURP receives (as the proxy interceptor and proxy history show), HTTP/1.1 404 Not Found Accept-Ranges: bytes Content-Type: text/html; charset=UTF-8 ETag: "150a1-5a565cc81a1a2-gzip" Last-Modified: Mon, 11 May 2020 21:12:04 GMT Server: Apache Strict-Transport-Security: max-age=63072000; includeSubdomains; preload Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Dispatcher: dispatcher1cacentral1 X-Frame-Options: SAMEORIGIN X-Vhost: publish Content-Length: 86177 Date: Tue, 12 May 2020 04:28:19 GMT Connection: close <!DOCTYPE html> <html class="no-js" lang="en"> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> but browser shows this coming from BURP, HTTP/1.0 200 Connection established Accept-Ranges: bytes Content-Type: text/html; charset=UTF-8 ETag: "150a1-5a565cc81a1a2-gzip" Last-Modified: Mon, 11 May 2020 21:12:04 GMT Server: Apache Strict-Transport-Security: max-age=63072000; includeSubdomains; preload Vary: Accept-Encoding,User-Agent X-Content-Type-Options: nosniff X-Dispatcher: dispatcher1cacentral1 X-Frame-Options: SAMEORIGIN X-Vhost: publish Content-Length: 86177 Date: Tue, 12 May 2020 04:28:19 GMT Connection: close This is Firefox 77.0b4. I don't understand why Firefox shows HTTP/1.0 when sending and HTTP/1.0 200 Connection established. Perhaps this is what it detects and receives from BURP's CONNECT proxy? I am fine with the browser's having to change the original POST request to a POST in CONNECT ..., but I wonder if at least the response code from the web application (404) should reflect in the browser? Perhaps, this is a bug in the browser's proxy client code?

Uthman, PortSwigger Agent | Last updated: May 12, 2020 08:26AM UTC