Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Display Bug after a weird HTTP Response

Anony | Last updated: Feb 22, 2016 04:02PM UTC

While testing an application, I got the following HTTP Response: HTTP/1.1 200 OK Date: Mon, 22 Feb 2016 15:52:27 GMT Expires: Mon, 22 Feb 2016 15:52:27 GMT Cache-Control: no-cache, private, no-store Content-Type: text/javascript; charset=utf-8 Pragma: no-cache Date: Mon, 22 Feb 2016 15:52:27 GMT X-Lift-Version: xxxx X-Frame-Options: SAMEORIGIN Content-Length: 1 Connection: close HTTP/1.1 200 OK Date: Mon, 22 Feb 2016 15:52:09 GMT Expires: Mon, 22 Feb 2016 15:52:27 GMT Cache-Control: no-cache, private, no-store Content-Type: text/javascript; charset=utf-8 Pragma: no-cache Date: Mon, 22 Feb 2016 15:52:27 GMT X-Lift-Version: xxx X-Frame-Options: SAMEORIGIN Content-Length: 894 Connection: close sensitive_data_here_removed. It 894 bytes of data. ------ Notice how it looks like the server send TWO responses in one response. Their javascript was able to act on this, and perform an action. So they are expecting the weird output. But the thing is, in the BURP GUI, you do no see the 2nd response at all. I didn't even know it was there. I found run 'strings' on my burp temp file to find the full response. Anyway to make the BURP GUI show the entire (and totally invalid) HTTP response? Maybe make the code display the RAW response, not just the first valid response.

PortSwigger Agent | Last updated: Feb 23, 2016 09:44AM UTC