Burp Suite User Forum

Login to post

Intercept non HTTP protocols

Mathias | Last updated: Jan 27, 2015 10:07AM UTC

An ability to intercept non-HTTP protocols (perhaps an API feature to let users code extensions for relevant protocols). A situation arrived at work involving SIP. Getting the traffic to pass through Burp was easy, but without an ability to intercept INVITE (and so forth) it lead to creating custom tools instead.

PortSwigger Agent | Last updated: Jan 27, 2015 11:19AM UTC

Sorry folks, we have no current plans to support non-HTTP-based protocols in Burp.

Burp User | Last updated: May 18, 2015 09:41AM UTC

As pentester i'm often coming into the situation to intercept non HTTP traffic. Using SSLSplit or mitm-Proxy it is easily possible to sniff ssl secured data, but making changes is not possible, AFAIK. Therefore I would appreciate if I could use my prefered tool Burp for these situations too.

Burp User | Last updated: Aug 04, 2015 07:48PM UTC

yes PLEASE BURP, start supporting other application layer protocols like SIP, XMPP, IMAP !!! it would make Burp the ultimate go to proxy tool !!! you're limiting this tool to HTTP type traffic only, web is evolving !! and so are the services provided we need support for other app level protocols !!

Burp User | Last updated: Aug 12, 2016 07:03PM UTC

I have a solution on my github site. Gave a talk in the BlackHat Arsenal this year about this new extension. https://github.com/summitt/Burp-Non-HTTP-Extension

Burp User | Last updated: Jan 12, 2017 12:19PM UTC

There is also that: https://github.com/jrmdev/mitm_relay It does not require any third party extensions. It works by wrapping TCP and UDP packets into HTTP Requests and forwarding to Burp. It does all the SSL / STARTLS stuff, so there is no need for funky configs into Burp.

Burp User | Last updated: Aug 21, 2018 10:09AM UTC

Burp Folks! The TCP proxy interception is a must feature... Please consider again. There are a lot of applications based on TCP. Thanks Shuki

You need to Log in to post a reply. Or register here, for free.