The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Mystery URL tested as HTTP response header injection error

Sudhakar | Last updated: Nov 23, 2015 11:55PM UTC

After upgrading to version 1.6.30, found 4 critical errors. After debugging the issue seems like to tool is arbitrarily has a bug. See below for more details. Severe error category: HTTP response header injection. Basically the test case is trying to introduce a newline char in the URL and try to see if that can introduce anything on response header. Unfortunately I have 4 URL's for which instead of introducing newline char in the path, its using some weird string. In the below example, it is doing GET on GET /be6af%0df0ad2 HTTP/1.1 Host: MYURL:10440 instead of GET /your-babys-%0ddevelopment HTTP/1.1 Host: MYURL:10440 Example:(masked MYURL) 1.4. https://MYURL:10440/your-babys-development [URL path filename] Severity: High Confidence: Certain Host: https://MyURL:10440 Path: /your-babys-development Issue detail The value of the URL path filename is copied into the Location response header. The payload be6af[0x0d]f0ad2 was submitted in the URL path filename. This caused a response containing an injected HTTP header. Request: GET /be6af%0df0ad2 HTTP/1.1 Host: MYURL:10440 Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Response: HTTP/1.0 301 Moved Permanently Date: Fri, 20 Nov 2015 05:14:50 GMT Server: Apache/2.2.15 (CentOS) mod_jk/1.2.37 mod_ssl/2.2.15 OpenSSL/1.0.0-fips X-Frame-Options: SAMEORIGIN, SAMEORIGIN Location: http://MYURL:10387/be6aff0ad2 Cache-Control: max-age=0 Expires: Fri, 20 Nov 2015 05:14:50 GMT Content-Length: 265 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="MYURL. ...[SNIP]... Appreciate if you can fix the bug soon. Also share the word around if any to suppress this error from active scan.

PortSwigger Agent | Last updated: Nov 24, 2015 03:53PM UTC