Burp Suite User Forum

Create new post

BurpSuite not following redirections

Steven | Last updated: Feb 05, 2016 09:34PM UTC

When entering a website which always redirects traffic from http:// to https://, burp is not redirecting automatically from the http to https. Is there a configuration which will let Burp do so?

PortSwigger Agent | Last updated: Feb 08, 2016 10:04AM UTC

Thanks for your message. Burp doesn't automatically follow any redirections when browsing, since your browser will take care of this in the normal way. If you are performing scanning, you can enable following of redirections, and this will normally be done if (a) the scan check in question wants/needs to follow redirctions; (b) the redirection target is in scope or the same host/port as the item being scanned.

Burp User | Last updated: Feb 10, 2016 04:45PM UTC

Hi, The browser does follow redirection as usually it is running standalone (without burp as a Proxy). When burp is enabled, the browser waits for Burp to do the redirection, however Burp does not automatically proceed. As if Burp is refusing to follow any redirecting. This is for normal browsing the site under Burp. Any ideas?

PortSwigger Agent | Last updated: Feb 10, 2016 04:48PM UTC

This doesn't sound right. Browsers are always responsible for following redirections regardless of whether a proxy is being used, and no normal proxy will automatically follow redirections on the user-agent's behalf. What type of redirection are you seeing? There must be some reason why the browser isn't following it in the normal way.

Burp User | Last updated: Feb 10, 2016 05:49PM UTC

The browser displays the following: The page isn't redirecting properly Iceweasel has detected that the server is redirecting the request for this address in a way that will never complete.

Burp User | Last updated: Feb 10, 2016 08:35PM UTC

I tried another browser (chrome): This webpage has a redirect loop ERR_TOO_MANY_REDIRECTS

Burp User | Last updated: Feb 10, 2016 08:57PM UTC

I found the reason: The option Convert HTTPS to HTTP was selected. Unchecking this option would make page redirection work.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.