The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


Enable proxy-style request

Adrian | Last updated: Aug 22, 2017 08:56PM UTC

This would be useful in the following scenario:

1) portal.example.org is available externally (to everyone)
2) admin.example.org is restricted to internal network access only
3) Apache with the following configuration:

<VirtualHost *>
    ServerName portal.example.org
    ServerAlias portal-*.example.org
    ProxyRequests On
    ProxyPreserveHost On
    ProxyPassMatch ^/admin(.*) http://127.0.0.1:8323/admin$1
    #ProxyPassReverse /admin http://127.0.0.1:8323/
    ProxyPass / http://127.0.0.1:8322/
    ProxyPassReverse / http://127.0.0.1:8322/
    .........
</VirtualHost>

In order to get access to admin.example.org from an external network you will need to:

Set Target Host: portal.example.org
Set Target Port: 443

Request:

GET http://admin.example.org/foo.php HTTP/1.1
Host: admin.example.org
......

And this attack was successful in my case; I was able to get access to the admin area from the outside world.

Next, go to Proxy -> Options -> Proxy Listeners -> Edit -> Request handling:

Redirect to host: portal.example.org
Redirect to port: 443

Open a browser (proxy 172.0.0.1:8080), navigate to http://admin.example.org/foo.php and check the proxy HTTP history. It will look like:

GET /foo.php HTTP/1.1
Host: admin.example.org

So we could add a new feature: Proxy -> Options -> Miscellaneous -> "Enable proxy-style request"

When this option is enabled, the request will be automatically modified to use an absolute URL:

GET http://admin.example.org/foo.php HTTP/1.1
Host: admin.example.org

And you won't need to intercept the request and modify it manually.

I hope it makes sense. For any questions, feel free to ask.
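An added defensive example, not part of the original post and not Burp Suite or Apache code: a small Python check that flags a virtual host with `ProxyRequests On` (a reverse proxy built from `ProxyPass` does not need it) and recognises absolute-URL request lines naming a host outside the vhost's `ServerName`/`ServerAlias`. The function names are hypothetical and the sample configuration is reconstructed from the post.

```python
import fnmatch
import re
from urllib.parse import urlsplit

# Constructed sample: the vhost from the post above, one directive per line.
SAMPLE_CONF = """\
<VirtualHost *>
    ServerName portal.example.org
    ServerAlias portal-*.example.org
    ProxyRequests On
    ProxyPreserveHost On
    ProxyPassMatch ^/admin(.*) http://127.0.0.1:8323/admin$1
    ProxyPass / http://127.0.0.1:8322/
    ProxyPassReverse / http://127.0.0.1:8322/
</VirtualHost>
"""

def audit_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: its names and whether forward proxying is on."""
    results = []
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf_text, re.S | re.I):
        names, forward = [], False
        for line in block.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue  # blank line or commented-out directive
            directive, args = parts[0].lower(), parts[1:]
            if directive in ("servername", "serveralias"):
                names.extend(a.lower() for a in args)
            elif directive == "proxyrequests" and args:
                forward = args[0].lower() == "on"
        results.append({"names": names, "forward_proxy": forward})
    return results

def foreign_absolute_target(request_line, names):
    """True if the request line carries an absolute URL whose host is not one of the vhost's names."""
    fields = request_line.split()
    if len(fields) != 3 or "://" not in fields[1]:
        return False  # origin-form ("GET /foo.php HTTP/1.1") is normal reverse-proxy traffic
    host = (urlsplit(fields[1]).hostname or "").lower()
    # ServerAlias may contain wildcards, so match with shell-style patterns.
    return not any(fnmatch.fnmatchcase(host, pattern) for pattern in names)

if __name__ == "__main__":
    for vhost in audit_vhosts(SAMPLE_CONF):
        print(vhost)
```

With `ProxyRequests Off` in the same block, `audit_vhosts` reports `forward_proxy` as false; `foreign_absolute_target` can be run over the request field of access-log entries to review whether such requests were already received.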

Liam, PortSwigger Agent | Last updated: Aug 23, 2017 10:55AM UTC