Burp Suite User Forum

Login to post

BURP built-in Chrome browser forcing HTTPS on HTTP site problem

Sylvain | Last updated: Jun 17, 2023 07:33AM UTC

Hi, I had the same problem described in the thread below (firefox) but for the Burp Chrome built-in browser! https://forum.portswigger.net/thread/burp-proxy-forces-https-in-the-firefox-private-window-5930dfca I am testing a vulnerable site that only has HTTP implemented. I start the Burp chrome browser on the latest BURP Suite pro build (stable), I go to the http URL and it automatically redirects to HTTPS and thus gives me an error from burp (do not understand https reply... because it is not https). I tried to enable that convert HTTPS links to HTTP but that makes no difference. It has been a very long time since I tested against an HTTP site so I can't say if it has been like that for a while... But can you please give us the ability NOT to convert HTTP traffic to HTTPS. I think it must be a setting in Chrome actually that probably makes it "safer" for the user. But in the default config of the BURP chrome browser this should be disabled. In the end I just started another browser (firefox) with manually configuring the proxy to BURP and I could do my tests. Would you be good if you could do that by default with your built in chrome browser. Thanks.

Dominyque, PortSwigger Agent | Last updated: Jun 19, 2023 10:14AM UTC

Hi Can you confirm that you have disabled the 'Convert HTTPS links to HTTP' in the proxy settings? We are aware that this is a bug that we have been seeing lately and have raised a bug ticket for it. So if your above setting is disabled, a possible workaround is: When browsing to the HTTP site, turn intercept on and drop the first HTTPS request

DA | Last updated: Jul 04, 2023 07:28AM UTC

Both solutions are effective. The first setting is that if you enter a complete HTTP protocol URL, it will not redirect to https. However, if you directly enter a domain name, it will still redirect to https. Discarding the first request packet will not redirect to https. Will there be a thorough solution in the future?

Dominyque, PortSwigger Agent | Last updated: Jul 04, 2023 09:22AM UTC

Hi There should be a fix for this, hopefully in the next release.

Rizky | Last updated: Jul 17, 2023 06:27AM UTC

Hi, Please fix this embedded chromium force https annoying problem.

Dominyque, PortSwigger Agent | Last updated: Jul 17, 2023 08:15AM UTC

Hi Have you updated to the latest version? The Early Adopter v2023.7 has this fix in the release, as seen in the release notes: https://portswigger.net/burp/releases/professional-community-2023-7?requestededition=professional.

nehakakar | Last updated: Aug 07, 2023 07:39PM UTC

Check all the settings within Burp Suite, including any options related to HTTP-to-HTTPS conversion or automatic redirection. It's possible that there is a specific setting or configuration that can control this behavior. Some of Chrome's settings may affect its behavior. You can try modifying Chrome's settings related to HTTPS and automatic redirection to see if it has any impact on the behavior of the Burp Suite's browser. Also verify on this tool redirectchecker.com if this can help you.

Ksenia | Last updated: Dec 08, 2023 10:37AM UTC

I have the same issue after the last update. Please fix the built-in browser's default behavior, it is nearly impossible to use Burp for me now.

Dominyque, PortSwigger Agent | Last updated: Dec 08, 2023 10:51AM UTC

Hi Ksenia Can you please send an email to support@portswigger.net with your diagnostics which you can find by navigating to Help> Diagnostics? Please also attach screenshots of the issue you are experiencing.

You need to Log in to post a reply. Or register here, for free.