Burp community forum

Burp proxy doesn't show responses with 1xx codes in HTTP history

Mike | Last updated: Sep 04, 2015 02:37PM UTC

On a recent engagement, we encountered an application that uses websockets. The application upgrades the connection post-login. For example, (borrowed from Wikipedia) GET /test HTTP/1.1 Host: server.example.com Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw== Sec-WebSocket-Protocol: chat, superchat Sec-WebSocket-Version: 13 Origin: http://example.com HTTP/1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade Sec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk= Sec-WebSocket-Protocol: chat When you use the burp suite search function, you can find the request(s)/response(s) and they are stored in the proxy, but they aren't shown in the HTTP history. Our guess is it’s because the filter in the http history doesn't have an option for 1xx responses like it does for others, and therefore doesn't show it? Was wondering if anyone has encountered this before?

PortSwigger Agent | Last updated: Sep 07, 2015 01:38PM UTC

We're not able to reproduce this problem. With Burp's proxy history view filter set to show all items, and all other settings set to defaults, when a browser performs a WebSockets negotiation, Burp shows a history item with status code 101 and the full request/response messages along the lines that you gave in your example.

Burp User | Last updated: Sep 17, 2015 09:33AM UTC

Hi Dafydd, Thanks for looking into this. We took a closer look at the data. It turns out the 101 response wasn't being returned with a standard mime-type and the filter wasn't set to show it. Sorry for the false alarm, this issue can be closed. Mike

bigbro1989 | Last updated: Feb 20, 2020 07:33PM UTC

Hi, I am facing the similar issue, Would you mind telling which filter to be taken care of. - Artha

Uthman, PortSwigger Agent | Last updated: Feb 21, 2020 09:25AM UTC

Hi Artha, Can you check if 'Understand 100 Continue responses' is selected under Project options > HTTP?

You need to Log in to post a reply. Or register here, for free.