Burp Suite User Forum


False Positive based on Last-Modified header

Syed | Last updated: Jun 14, 2024 05:54AM UTC

Hi, Burp Scanning does check for the "Date" header and its modification; even though it's modified in the response, it wouldn't call that a "Response Modification". However, the header "Last-Modified" is not whitelisted, and when it actually changes because of the time, whatever payload/attack Burp is doing, it reports it as valid because of this, even though it is a false positive. The "Content-Length" header too remains the same! One such example I came across is "LDAP Injection": based on the "Last-Modified" header, Burp declares this as a valid issue even though it is a false positive. If the "Last-Modified" header could be excluded too, that would really save a lot of FPs and manual validation.

POCs:
Burp Reporting LDAP Injection: https://i.imgur.com/txqyRqd.png
Response 1 (one highlighted item: Last-Modified header): https://i.imgur.com/XWak3Iw.png
Response 2 (one highlighted item: Last-Modified header): https://i.imgur.com/1Wr4lxE.png
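The behaviour the post describes is a differential check: the scanner compares a baseline response with the response to a payload, and any difference counts as a "response modification". Timestamp headers change on their own, so a comparison that ignores "Date" but not "Last-Modified" will flag a false positive whenever the clock ticks between the two requests. The following added example (not Burp's code and not the poster's captures) shows the effect with constructed responses: a naive comparison that ignores only "Date" reports a change, a comparison that also ignores "Last-Modified" does not, while a genuine body change is still caught even when "Content-Length" stays the same. The set of volatile headers beyond "Date" and "Last-Modified" is an assumption chosen for illustration.

```python
"""Differential comparison of two raw HTTP responses that ignores volatile headers.

All responses below are constructed sample data for this example.
"""
from __future__ import annotations

# Headers whose values legitimately change between otherwise identical responses.
# "date" is what the poster says Burp already ignores; "last-modified" is the one
# the poster asks to have excluded as well. The remaining entries are an assumption
# (typical time- or request-scoped headers), not a list taken from Burp.
VOLATILE_HEADERS: frozenset[str] = frozenset(
    {"date", "last-modified", "expires", "age", "x-request-id"}
)


def parse_response(raw: bytes) -> tuple[str, dict[str, str], bytes]:
    """Split a raw HTTP/1.1 response into (status line, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = lines[0]
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def normalize(raw: bytes, ignore: frozenset[str] = VOLATILE_HEADERS):
    """Canonical form used for comparison: drop the headers in `ignore`."""
    status, headers, body = parse_response(raw)
    kept = {k: v for k, v in headers.items() if k not in ignore}
    return status, kept, body


def responses_differ(a: bytes, b: bytes, ignore: frozenset[str] = VOLATILE_HEADERS) -> bool:
    """True if the two responses differ once volatile headers are removed."""
    return normalize(a, ignore) != normalize(b, ignore)


def changed_headers(a: bytes, b: bytes) -> list[str]:
    """Names of headers whose values differ, with nothing ignored (useful for triage)."""
    _, ha, _ = parse_response(a)
    _, hb, _ = parse_response(b)
    return sorted(k for k in set(ha) | set(hb) if ha.get(k) != hb.get(k))


# Constructed baseline response.
BASELINE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Fri, 14 Jun 2024 05:50:00 GMT\r\n"
    b"Last-Modified: Fri, 14 Jun 2024 05:50:00 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 14\r\n"
    b"\r\n"
    b"<p>no user</p>"
)

# Constructed response to a payload: identical except both timestamps moved on.
PAYLOAD_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Fri, 14 Jun 2024 05:51:07 GMT\r\n"
    b"Last-Modified: Fri, 14 Jun 2024 05:51:07 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 14\r\n"
    b"\r\n"
    b"<p>no user</p>"
)

# Constructed response with a real body change; Content-Length is unchanged (14 bytes),
# so a length-only check would miss it.
REAL_CHANGE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Fri, 14 Jun 2024 05:52:30 GMT\r\n"
    b"Last-Modified: Fri, 14 Jun 2024 05:52:30 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 14\r\n"
    b"\r\n"
    b"<p>1 users</p>"
)


if __name__ == "__main__":
    print("headers that changed:", changed_headers(BASELINE, PAYLOAD_RESPONSE))
    print("ignoring only Date   ->", responses_differ(BASELINE, PAYLOAD_RESPONSE, frozenset({"date"})))
    print("ignoring Last-Modified too ->", responses_differ(BASELINE, PAYLOAD_RESPONSE))
    print("genuine body change  ->", responses_differ(BASELINE, REAL_CHANGE))
```

When triaging a reported issue, `changed_headers` gives the quick check the poster did by hand: if the only names it returns are timestamp headers and the bodies are byte-identical, the finding is a timing artefact rather than evidence that the payload altered server behaviour.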

Hannah, PortSwigger Agent | Last updated: Jun 14, 2024 03:20PM UTC

Hi, is this a frequent false positive that you encounter? Could you drop us an email at support@portswigger.net with some more information so that we can look into this further? Please can you also include the version of Burp that you are using.
