Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Cloudflare issues

Anthony | Last updated: Jan 23, 2023 05:43PM UTC

My issue is when I choose either Indeed, Cloudflare, or any other target to test the Cloudflare verification screen comes up with burps embedded browser. And all it does is ask if i am human and takes forever to verify me, which waste's time when I can go test elsewhere. Is there a way to bypass this issue or do I use foxy proxy on another site to catch all the requests instead it's just another annoyance I want to figure out thank you burp.

Ben, PortSwigger Agent | Last updated: Jan 24, 2023 10:50AM UTC

Hi Anthony, We are aware that Cloudflare is implementing some measures to fingerprint and detect the use of proxies to intercept HTTPS traffic (There is some information about this here if you are interested - https://blog.cloudflare.com/monsters-in-the-middleboxes). Unfortunately, if advanced detection methods are in use in your scenario, there is no simple way to get round this in the short term and also no easy fix for us to implement as a long term solution. Do you have examples of sites where this is impacting you? In some situations, where the checks in place are not that onerous, simply changing the User-Agent string being used (via a Match and Replace rule within Burp) is enough to circumvent the checks in place.

Robert | Last updated: Mar 14, 2023 01:45PM UTC

https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy/commit/0eafc71d7605d643f5282312db73618b29e979f2 I hate you so much CloudFlare ... added Burp Pro button and and a fast crawl config called "_JAMBOREE_Crawl_Level_01" that bypass most I can CF deppending on the enforced level

You need to Log in to post a reply. Or register here, for free.