Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Port being added only to the Host header instead of target URL

John | Last updated: Jul 27, 2021 09:03AM UTC

Hello, I've noticed a new bug, something that didn't happen before. Currently using burpsuite_pro_v2021.6.2, Windows 10, Google Chrome 91.0.4472.164 So when trying to access http://123.124.125.126:1337 I've noticed that port 1337 is added only to the Host header: [...] Host: 123.124.125.126:1337 [...] While the target site remains http:/123.124.125.126, and port 80. In the past, this was not an issue but I've recently tested on two different sites, one hosted in google cloud services and another one on a random hosting company. I was not able to access any web server running on other ports than 80 or 443, because the port is added to the Host header and not to the target URL. This is very annoying, please make sure the target URL gets updated with the correct port number.

Uthman, PortSwigger Agent | Last updated: Jul 27, 2021 10:31AM UTC

Hi John, Can you check if the REST API is running under User options > Misc > REST API? If you access e.g. http://localhost:3000 in a browser, the port number is appended to the Host header and that is expected behavior. Can you clarify what your issue is, please? What are the steps to replicate this? If you access 123.124.125.126:1337 in the embedded browser, do you see http://123.124.125.126:1337 in the Proxy > HTTP History? Does your issue persist with extensions enabled? Can you please share diagnostics (Help > Diagnostics) and a screen recording to support@portswigger.net?

Uthman, PortSwigger Agent | Last updated: Jul 27, 2021 02:24PM UTC

For anyone else who faces this issue, disabling extensions fixed it for John. I would suggest investigating further to determine which extension could be the culprit.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.