Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp Proxy not working for SOCKS connections

Mauro | Last updated: Apr 13, 2024 02:13AM UTC

I can't see any WebSocket traffic history in Burp when trying the Academy Lab `Manipulating the WebSocket handshake to exploit vulnerabilities`. I've tried with the following versions of Burp in my Kali Linux 2023.4-amd64: * Burp Professional 2023.12.1.5 * Burp Community 2023.11.1.3 And with the following browsers: * Firefox 124.0.2 (64-bit) * Firefox ESR 115.6.0esr * Google Chrome 123.0.6312.122 * Google Chromium 121.0.6167.160 Both with the native Proxy settings in Firefox, and with FoxyProxy in Chromium, and I am not able to see any WebSocket traffic. Moreover, when the proxy is enabled, the connection to the Live Chat can not be done. As soon as I disable the proxy, the Live Chat works fine in every browser. Any hint on what is happening?

Dominyque, PortSwigger Agent | Last updated: Apr 15, 2024 07:21AM UTC

Hi Mauro From your description, it sounds like this is mainly about WebSockets. Can you provide some detail about how SOCKS relates to this issue? Do you have a SOCKS proxy setup? Can you please provide a screen recording of your attempt at the lab so we can have a look at what may be going wrong? You can email this to support@portswigger.net.

Mauro | Last updated: Apr 16, 2024 02:16AM UTC

Hi Dominyque, Thanks for the reply! I just emailed support with screenshots and more details about this. Yes, it is about WebSockets. The connection with SOCKS was just an idea about why maybe Burp was not intercepting any WebSockets traffic because it's the main problem here. I can't really see any WebSockets traffic no matter what browser, Burp version, or proxy I use. I do not have a specific SOCKS proxy, but I've tried configuring one with FoxyProxy and with the native Firefox Proxy settings, and trying it alone, and together with the regular HTTP Proxy, and it didn't work. Now I am trying again just with the regular HTTP Proxy leaving empty the SOCKS Proxy configuration as I've seen recommended in other queries. Thanks!

Dominyque, PortSwigger Agent | Last updated: Apr 16, 2024 06:29AM UTC

Hi Mauro Thank you for that information! We received your email and will respond there after looking at the screenshots provided :)

Ellipsis | Last updated: May 03, 2024 11:05PM UTC

Hello, I have the same problem as Mauro about establishing the connection to live chat, have you determined the source of the problem? The problem lies in the fact that if the requests sent by my browser are intercepted by burp proxy (without being modified) before being sent, then the server responds with Protocol Error. If the requests are not intercepted by burp proxy, everything works and the websocket connection is established normally. This problem prevents me from resolving WebSocket labs. I'm using version 2024.1.1.6.

Dominyque, PortSwigger Agent | Last updated: May 06, 2024 08:02AM UTC

Hi Ellipsis We established that Mauro had Intercept turned on while attempting the WebSocket labs. With the 'Intercept is on' configuration set Burp will be stalling requests within the Proxy -> Intercept tab in order for you to perform some manual action on them. At this point the request will not have reached the destination web server so the page will not load. Generally speaking, unless you want to modify the requests in real time, we would recommend you have this set to 'Intercept is off'. With this configuration the requests will still pass through Burp (and will be viewable within the Proxy -> HTTP history tab) but you will not have to perform any manual action on them. Please try keeping intercept off when doing these labs. Does this allow you to solve them?

David | Last updated: May 07, 2024 04:33PM UTC

I am seeing similar behavior. I see the GET request and response requesting upgrade to websocket, but then no websocket traffic is captured. I have tried disabling stripping Proxy headers and Strip Sec-WebSockey-Extension headers in incoming requests. No change.

Dominyque, PortSwigger Agent | Last updated: May 08, 2024 07:07AM UTC

Hi David To confirm, you have intercept disabled? Can you please send us a screen recording at support@portswigger.net of the steps you are taking so we can better advise?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.