Burp Suite User Forum


Content type incorrectly stated

Martin | Last updated: Dec 10, 2015 12:20PM UTC

Somewhere in the last couple of updates the scanner has started flagging responses as "Content type incorrectly stated", when they appear correct. Something to do with the response being encoded with gzip?

GET /fastcgitest/js/jquery.min.js HTTP/1.1
Host: 192.168.18.100:6871
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://192.168.18.100:6871/fastcgitest/index.html
Connection: close

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Content-Length: 29481
Date: Thu, 10 Dec 2015 09:08:13 GMT
ETag: "1370084484"
Cache-Control: max-age=3600
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'
Connection: close
Server: lighttpd

PortSwigger Agent | Last updated: Dec 10, 2015 03:14PM UTC

Thanks for this. There are a few edge cases where Burp infers the wrong content type based on the actual response body, and so incorrectly reports this issue. We have a pending request to tighten up this logic to reduce false positives. We're not aware of any recent changes that might have specifically made this problem more prevalent.

Burp User | Last updated: Dec 10, 2015 08:07PM UTC

Thanks for the quick response. The issue is now reported for all the static content on the particular site I'm looking at, whereas it wasn't before I upgraded Burp in the last few days or so:

7 instances of this issue were identified, at the following locations:
/fastcgitest/css/bootstrap.min.css
/fastcgitest/css/login.css
/fastcgitest/index.html
/fastcgitest/js/bootstrap.min.js
/fastcgitest/js/ie10-viewport-bug-workaround.js
/fastcgitest/js/jquery.min.js
/fastcgitest/js/login.js
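An added illustration of the effect Martin suspects (this is not Burp's code and not from the thread; whether Burp's check actually behaves this way is an assumption): a content sniffer that inspects the raw body of a gzip-encoded response sees gzip magic bytes rather than JavaScript, so a "declared vs. actual content type" check must undo Content-Encoding before comparing. The sample response and the tiny sniffer are constructed for the example.

```python
import gzip
import re

# Constructed sample: a gzip-encoded JavaScript response shaped like the one in the thread.
JS_BODY = b"(function(){var jQuery=window.jQuery||{};jQuery.version='constructed';})();"
RAW_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/javascript\r\n"
    b"Content-Encoding: gzip\r\n"
    b"\r\n" + gzip.compress(JS_BODY)
)


def parse_response(raw):
    """Split a raw HTTP response into a lower-cased header dict and the body bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, body


def sniff(body):
    """Deliberately small sniffer: just enough signatures to show the gzip effect."""
    if body[:2] == b"\x1f\x8b":
        return "application/gzip"                  # gzip magic bytes
    sample = body[:512]
    if re.search(rb"<html|<!doctype html", sample, re.I):
        return "text/html"
    if re.search(rb"\bfunction\b|\bvar\b|\bwindow\.", sample):
        return "application/javascript"
    return "application/octet-stream"


def decode_body(headers, body):
    """Undo Content-Encoding so the sniffer sees what the browser would render."""
    if headers.get("content-encoding", "").lower() == "gzip":
        return gzip.decompress(body)
    return body


def content_type_mismatch(raw, decode_first=True):
    """Return (declared, inferred, mismatch). decode_first=False mimics sniffing the compressed body."""
    headers, body = parse_response(raw)
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    inspected = decode_body(headers, body) if decode_first else body
    inferred = sniff(inspected)
    return declared, inferred, declared != inferred


if __name__ == "__main__":
    for decode in (False, True):
        print("decoded" if decode else "raw", content_type_mismatch(RAW_RESPONSE, decode))
```

With decode_first=False the check reports a false mismatch (application/javascript vs application/gzip); decoding first makes the declared and inferred types agree.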
