Burp Suite User Forum


Bug in makeHttpRequest when handling multiple redirect requests

Randy | Last updated: Nov 15, 2022 11:53PM UTC

Hi, I have a custom extension that performs an OAuth2 authentication before starting an active scan. This extension worked fine right up to version 2022.9.5. The issue I have seen happens when following the OAuth2 flow by calling makeHttpRequest(java.lang.String host, int port, boolean useHttps, byte[] request). When the makeHttpRequest function retrieves more than two 302 responses, it causes Burp to never call processHttpMessage during the active scan. In the UI, after loading my extension, I can see the authentication flow finish with no issue. But Burp will never call processHttpMessage, although I see the scanner is making requests. If I only have one processHttpMessage call that 302 response, Burp will enter the processHttpMessage function. Please let me know if you need additional information. Thank you.

Hannah, PortSwigger Agent | Last updated: Nov 16, 2022 09:05AM UTC

Hi. To clarify, your extension was working correctly in v2022.8.5 of Burp, but when upgrading to v2022.9.5, your extension is no longer functioning as intended. Could you drop us an email at support@portswigger.net with some more information and a screen recording or some screenshots of the behavior?

Randy | Last updated: Nov 16, 2022 03:21PM UTC

Hi, that is correct, my extension was working correctly in v2022.8.5 and it stopped working when upgrading to v2022.9.5. I will send the information to the support email. Thank you.
