Burp Suite User Forum

Login to post

Fails to capture Location HTTP header field

Peter | Last updated: Jun 09, 2016 11:37PM UTC

Hi, I am using Burp v1.7.03 and it appears burp is not capturing the redirection requests from a 302 (found) contained in a response; were the HTTP header field contains a valid ‘Location: https://xxxx.xxxx.com’ value. I can see the redirection is called/loaded within the browser (firefox) window, but not captured/recorded in burp. I note on the page https://portswigger.net/burp/help/options.html Project-level options are stored within the Burp project file for disk-based projects. They can also be saved and loaded from project configuration files. And under https://portswigger.net/burp/help/options_http.html Redirections These settings control the types of redirections that Burp will understand in situations where it is configured to follow redirections. The following types of redirection can be selected: 3xx status code with Location header I cannot see under Burp v1.7.03 – how to configure Redirections – I have not set the scope on the target domain Thanks Peter

PortSwigger Agent | Last updated: Jun 13, 2016 01:39PM UTC

You can configure support for different redirection types at Project options / HTTP / Redirections. By default, Burp supports 3xx status code with Location header. What operation are you carrying out when you say that Burp is not capturing redirections? This depends on the tool and task being performed. For example, the Scanner will by default follow redirections where necessary (as described here https://portswigger.net/burp/help/scanner_options.html#engine) while the Proxy will not follow redirections itself but will leave these for the browser to follow.

You need to Log in to post a reply. Or register here, for free.