Burp Suite User Forum


Enable proxy-style request

Adrian | Last updated: Aug 22, 2017 08:56PM UTC

This would be useful in the following scenario:

1) portal.example.org is available externally (to everyone)
2) admin.example.org is restricted to internal network access only
3) Apache with the following configuration:

    <VirtualHost *>
        ServerName portal.example.org
        ServerAlias portal-*.example.org
        ProxyRequests On
        ProxyPreserveHost On
        ProxyPassMatch ^/admin(.*) http://127.0.0.1:8323/admin$1
        #ProxyPassReverse /admin http://127.0.0.1:8323/
        ProxyPass / http://127.0.0.1:8322/
        ProxyPassReverse / http://127.0.0.1:8322/
        .........
    </VirtualHost>

In order to get access to admin.example.org from an external network you will need to:

Set Target Host: portal.example.org
Set Target Port: 443

Request:

    GET http://admin.example.org/foo.php HTTP/1.1
    Host: admin.example.org
    ......

This attack was successful in my case; I was able to get access to the admin area from the outside world.

Next, go to Proxy -> Options -> Proxy Listeners -> Edit -> Request handling:

Redirect to host: portal.example.org
Redirect to port: 443

Open a browser (proxy 172.0.0.1:8080), navigate to http://admin.example.org/foo.php and check the proxy HTTP history. It will look like:

    GET /foo.php HTTP/1.1
    Host: admin.example.org

So we could add a new feature: Proxy -> Options -> Miscellaneous -> "Enable proxy-style request"

When this option is enabled, the request will be automatically modified to use an absolute URL:

    GET http://admin.example.org/foo.php HTTP/1.1
    Host: admin.example.org

And you won't need to intercept the request and modify it manually.

I hope it makes sense. For any questions, feel free to ask.
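A defender-side check for the setting this scenario depends on, added here as an example and not part of the original thread: `ProxyRequests On` turns on forward proxying in Apache's mod_proxy, and reverse proxying with `ProxyPass`/`ProxyPassMatch` does not need it. The function name `find_forward_proxy_scopes` and the second virtual host (static.example.org, port 8400) are constructed for illustration.

```python
import re

# Constructed sample: the first vhost mirrors the directives quoted in the post.
SAMPLE_CONF = """\
<VirtualHost *>
    ServerName portal.example.org
    ServerAlias portal-*.example.org
    ProxyRequests On
    ProxyPreserveHost On
    ProxyPassMatch ^/admin(.*) http://127.0.0.1:8323/admin$1
    ProxyPass / http://127.0.0.1:8322/
    ProxyPassReverse / http://127.0.0.1:8322/
</VirtualHost>
<VirtualHost *>
    ServerName static.example.org
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:8400/
</VirtualHost>
"""

def find_forward_proxy_scopes(conf_text):
    """Return [(scope_name, line_no)] where the effective ProxyRequests value is On."""
    server = {"name": "(server config)", "line": None}
    scope, findings = server, []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives have no effect
        if re.match(r"<VirtualHost\b", line, re.I):
            scope = {"name": "(unnamed vhost)", "line": None}
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            if scope["line"]:
                findings.append((scope["name"], scope["line"]))
            scope = server
        else:
            words = line.split()
            directive = words[0].lower()  # directive names are case-insensitive
            if directive == "servername" and len(words) > 1:
                scope["name"] = words[1]
            elif directive == "proxyrequests" and len(words) > 1:
                # The last occurrence in a scope wins.
                scope["line"] = line_no if words[1].lower() == "on" else None
    if server["line"]:
        findings.append((server["name"], server["line"]))
    return findings

if __name__ == "__main__":
    for name, line_no in find_forward_proxy_scopes(SAMPLE_CONF):
        print(f"{name}: ProxyRequests On at line {line_no}; set it to Off")
```

The check only inspects the file it is given; `Include`d files and settings inherited from the server-level scope into a virtual host need to be reviewed separately.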

Liam, PortSwigger Agent | Last updated: Aug 23, 2017 10:55AM UTC

This sounds like something you could implement using Burp Extender. Have you checked out the Extender section of our website? - https://portswigger.net/burp/extender/
