Burp Suite User Forum

Login to post

Content-Disposition: attachment downloads do not render

Reino | Last updated: Jul 22, 2019 05:35PM UTC

Hi, image file (jpegs) downloaded with the response header Content-Disposition: attachment does not have a render tab in the new version of Burp. This means that you cannot see the images within Burp. An example response that goes unrendered would be HTTP/1.1 200 OK Date: Mon, 22 Jul 2019 17:26:08 GMT Server: Apache/2.4.39 (Unix) X-Powered-By: PHP/7.2.19 Expires: 0 Cache-Control: must-revalidate Pragma: public Content-Description: File Transfer Content-Disposition: attachment; filename="hover.jpg" Content-Length: 15274 Connection: close Content-Type: image/jpeg Removing the Content-Disposition: attachment; response, or chaining it to inline causes the render tab to show again. Could you have a look? Regards

Liam, PortSwigger Agent | Last updated: Jul 23, 2019 01:04PM UTC

Reino, the example response you have given would result in the browser downloading and saving an attachment. "In a regular HTTP response, the Content-Disposition response header is a header indicating if the content is expected to be displayed inline in the browser, that is, as a Web page or as part of a Web page, or as an attachment, that is downloaded and saved locally." - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition This has been disabled for security reasons.

You need to Log in to post a reply. Or register here, for free.