Burp Suite User Forum

Login to post

Failed to replay recorded login sequences

Wei | Last updated: Dec 21, 2020 10:31PM UTC

I followed the recorded login sequences instruction and successfully generated JSON objects for application login data. But I'm not able to replay and validate the data. All I see is a blank webpage during the replay. I inspected the page and found out it failed to load a vendor.js file and the file is under pending status all the time. This file only fails during the replay process. My application is an Angular Web Application and vendor.js contains all the dependencies for the project. Please let me know if you have any solution for it. Thank you.

Michelle, PortSwigger Agent | Last updated: Dec 22, 2020 12:41PM UTC

Thanks for your message. Can you confirm which version of Burp you are using, please? Are there any errors when you try to replay the recorded login sequence and it fails to load the vendor.js file? Would you be happy to share some more details about these issues with us directly so we can discuss them in more detail? If so, can you send an email to support@portswigger.net, please?

Philip | Last updated: Jan 08, 2021 10:37PM UTC

I'm running into a similar problem where a Javascript file for a single page app is trying to be fetched, but Chromium reports that the request is stalled/hanging. I've been able to reproduce the issue if I use the Replay button to launch the browser via the GUI, although not reliably. I assume something is going awry in Burp's proxy server layer dealing with the javascript, because if I start BurpSuite Pro's Chromium with similar flags as with "Replay" but remove --proxy-server=localhost:52955 --proxy-bypass-list=<-loopback> I can execute the login process just fine Running Burp Suite Pro 2020.12.1

Michelle, PortSwigger Agent | Last updated: Jan 11, 2021 10:50AM UTC

Thanks for your message. Can you email us (support@portswigger.net) with a screen recording of using the Replay sequence and tell us a bit more about the login sequence so we can take a closer look, please? Are there any pop-ups during the login sequence? It would also be useful to see an HTML snippet of the login page and see the details of the script that you have recorded (before sending this last piece of information though please check this to remove/change the details that would show the password).

You need to Log in to post a reply. Or register here, for free.