Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Embedded Browser

kheewei_chia | Last updated: Mar 17, 2021 04:36AM UTC

Hi, I use the embedded browser to access any site, it returns "Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH" in console. Any idea what is the issue?

Michelle, PortSwigger Agent | Last updated: Mar 17, 2021 09:44AM UTC

Thanks for your message. Which version of Burp are you using? Do you have any extensions enabled? If so, does disabling the extensions change the behavior? Are any errors reported if you go to the Help menu and run the Embedded browser health check?

kheewei_chia | Last updated: Mar 17, 2021 10:02AM UTC

Burp version I using is v2021.3.1. I have extensions enabled, I tried to disable Collaborator Everywhere extension but it still behave the same. There is no error reported in embedded browser health check.

kheewei_chia | Last updated: Mar 17, 2021 10:02AM UTC

Burp version I using is v2021.3.1. I have extensions enabled, I tried to disable Collaborator Everywhere extension but it still behave the same. There is no error reported in embedded browser health check.

kheewei_chia | Last updated: Mar 17, 2021 10:33AM UTC

I try to launch scan with embedded browser, I able to observe that it can crawl the site. But, when I try to intercept the request using the embedded browser, it returns "Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH" in console.

Michelle, PortSwigger Agent | Last updated: Mar 17, 2021 03:17PM UTC

Can you email support@portswigger.net with the following so we can take a closer look, please? - Output from Help->Diagnostics - URL of the site you are trying to connect to when this happens - A screen recording showing the steps as you intercept the traffic and see the error. Are you editing the request at all when you intercept it?

Bart | Last updated: Mar 15, 2024 02:54PM UTC

Hi, I'm bumping this post 3 years after date, did you find a solution for this? I'm having the same issue with Burp Suite v2024.1.1.6. I only seem to be having this with one URL with the built-in Chrome, from a local instance of OWASP Juice Shop: http://localhost:3000/ Other URLs seem to be fine, and when I open the URL in Firefox (123.0.1) or a regular Chrome (122.0.6261.129) it all works without issues. The errors that are shown in the dev tools console are: GET http://localhost:3000/main.js net::ERR_CONTENT_LENGTH_MISMATCH 200 (OK) GET http://localhost:3000/styles.css net::ERR_CONTENT_LENGTH_MISMATCH 200 (OK) GET http://localhost:3000/vendor.js net::ERR_CONTENT_LENGTH_MISMATCH 200 (OK) When I refresh the page, some of the resources then get through (they seem to have an added "Range" header in the requests), but then other resources start throwing the same error.

Bart | Last updated: Mar 15, 2024 02:59PM UTC

I also tried to clean and uninstall Burp Suite, and go back to a version from last year (v2023.12.1.5), with a previous Chromium version, but it was the same issue. I have been using the built-in browser for Juice Shop a while back without any problems, so I'm not sure what's causing this or when it started happening.

Michelle, PortSwigger Agent | Last updated: Mar 15, 2024 03:50PM UTC

Hi In the previous case, the user had an extension installed that was causing the problem. Do you have any extensions enabled within Burp? If so, does disabling them change the behavior?

Bart | Last updated: Mar 15, 2024 03:57PM UTC

Hi Michelle, thanks for your swift reply! I have disabled all extensions now (Turbo Intruder, JSON Web Tokens, JWT Editor), but the issue persists. I had also tried without any extensions with a completely clean older version, it was still the same.

Bart | Last updated: Mar 17, 2024 04:30PM UTC

Update: I tried investigating a bit more, when I run Burp 2024.1.1.6 on Kali Linux, everything is working fine. Only on Windows the issue occurs, and now it also happens in Firefox with FoxyProxy, although the error there is "NS_ERROR_NET_PARTIAL_TRANSFER". All extensions are disabled (started temporary project with checkbox checked for disabling extensions). I ran the browser's health check with "Help > Health check for Burp's browser", all checks are green. For some more context, it happens with the OWASP Juice Shop 16.0.0 running on Node.js 20.11.1, but these are also the versions that are working on Kali, and I also tried older versions (JS 15.2.1 on Node.js 18.18.0, etc).

Michelle, PortSwigger Agent | Last updated: Mar 18, 2024 10:42AM UTC

Hi Thanks for the extra information. Which part of the OWASP Juice Shop app were you visiting when you saw this error? If you clear the embedded browser cache (Settings > Tools > Burp's browser > Browser data > Clear all), does this change the behavior?

Bart | Last updated: Mar 19, 2024 04:40PM UTC

This was on the home page of the Juice Shop, while loading the .js files. I've tried clearing the browser data as suggested, unfortunately the issue remains. I checked with a colleague, he was also able to reproduce the same issue under the same circumstances (Win 11, latest Burp Suite, same versions of Node.js/Juice Shop).

Michelle, PortSwigger Agent | Last updated: Mar 20, 2024 02:01PM UTC

Hi Are the two Windows machines you've tested form configured in the same way? Are they virtual or physical machines? If you test using the public version of Juice Shop (https://demo.owasp-juice.shop/), do you see the same issue?

Bart | Last updated: Mar 21, 2024 08:18AM UTC

Hello, The 2 Windows machines are physical machines, and they are indeed configured in the same way, also using the same Node.js version (20.11.1 with Juice Shop 16.0.0). The issue doesn't occur on the demo version you linked, and neither does it occur on the demo Juice Shop that was still deployed on Heroku: https://juice-shop.herokuapp.com/ So it seems to be strictly related to the version running in Node.js. I'm giving a training on the Juice Shop with Burp Suite next week, and the students will normally also run it in Node.js, so I'm a bit worried it might occur on all Windows machines with the latest versions. I will try to provide an alternative for them with an online deployment, but would it be possible from your end to try to reproduce the issue with the same Node versions etc on Windows? Many thanks in any case for your help in investigating this so far.

Bart | Last updated: Mar 21, 2024 09:06AM UTC

Maybe one more addition: when I run it in Node.js and I just open Juice Shop in a regular Firefox or Chrome, it works fine, it's only once you start proxying it through Burp that it happens.

Michelle, PortSwigger Agent | Last updated: Mar 21, 2024 04:37PM UTC

If this works on Linux, then that would imply there are no fundamental issues with the versions. From the message you're seeing, this could be network-related, with files not being fully downloaded/content lengths not being as expected. I'll do some checks to see if there are any known issues. Out of interest, have you ever tried setting this up on a Windows VM? Are there any additional messages in Burp's Event log? Could you also email a copy of the output from Help > Diagnostics to support@portswigger.net?

Bart | Last updated: Mar 22, 2024 09:12AM UTC

Hi, I just tried it with a third colleague, and he also has the exact same problem under the same circumstances, so it is reproducible with the same versions it seems. The .js files that have the issue, are the ones loaded from localhost by Node.js when navigating to the home page, see also the files listed in the terminal logs from Node.js below. So it doesn't seem network-related, also given the fact that it works fine in a regular browser without a proxy. I haven't tried it in a Windows VM yet, this is also not a (favorable) option for the trainings. I have just tried it in Docker though, this has the same problem. So the only option I seem to be having for now is to deploy it online for each trainee. I don't see any specific messages related to this in the Event Log, or in Logger++. I will send the information to the support email address, thank you! ----------------------- Terminal log: > juice-shop@16.0.0 start > node build/app info: All dependencies in ./package.json are satisfied (OK) info: Detected Node.js version v20.11.1 (OK) info: Detected OS win32 (OK) info: Detected CPU x64 (OK) info: Configuration default validated (OK) info: Entity models 19 of 19 are initialized (OK) info: Required file server.js is present (OK) info: Required file styles.css is present (OK) info: Required file main.js is present (OK) info: Required file runtime.js is present (OK) info: Required file index.html is present (OK) info: Required file vendor.js is present (OK) info: Required file polyfills.js is present (OK) info: Port 3000 is available (OK) info: Chatbot training data botDefaultTrainingData.json validated (OK) info: Domain https://www.alchemy.com/ is reachable (OK) info: Server listening on port 3000

Michelle, PortSwigger Agent | Last updated: Mar 22, 2024 02:09PM UTC

Hi We've got your email, so we'll take a look and be in touch soon.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.