Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Postman and Burp Suite pro Proxy error

Shay | Last updated: Mar 21, 2022 11:40AM UTC

Hi, I tried a new Postman collection which without the proxy configuration is valid means I get the expected responses in the Postman and configuration is well defined. I set the following configurations: Postman and Burp Suite proxy: 127.0.0.1:8080, SSL is disabled. I can see the request in the Burp Suite proxy and when I click Forward I get in the Postman 400 error code and "message": "Bad Request" same if I try to use the Repeater. Trying to do the same for Postman to Fiddler it was fine, so it has to be a Burp Suite configuration. Please point us to what can be done. Thanks

Michelle, PortSwigger Agent | Last updated: Mar 21, 2022 03:45PM UTC

Thanks for your message. To help us investigate this for you would you be happy to share some screenshots of the requests and responses when they are sent via Postman and the request as it is intercepted in Burp? If so, can you email them to support@portswigger.net, please? Which version of Burp are you using? Can you tell us about the requests and the application, e.g. is any authentication required, does the site support HTTP/2? Do you see this behavior with multiple sites or just a specific one?

Shay | Last updated: Mar 21, 2022 04:17PM UTC

Hi, As for the screenshots I'll see what I can do. I'm using Burp Suite pro v2022.2.4. I'm testing APIs. I tested a different API (POST) by setting to HTTP1.1 in this case the request behaved as expected. For the other API (GET) it didn't help and I still get 400 error code. I modified the request to HTTP 1.1 from the Inspector window in the request, is there a way to set it as a default? I verified the intercepted request is as expected, does Burp add anything to it before sending it forward? Thanks

Michelle, PortSwigger Agent | Last updated: Mar 22, 2022 10:59AM UTC

Thanks for the update. Burp will only send HTTP/2 requests if it has been told by the server that HTTP/2 is supported. If one of the requests fails when you are using HTTP/1.1 then there may be other issues we need to investigate. Do you have any extensions enabled? Can you send some screenshots of the requests and responses as they appear in Postman when they work and as you see them in Burp when they don't work so we can take a closer look, please?

Shay | Last updated: Mar 22, 2022 01:29PM UTC

Hi, After setting the configuration in proxy options to allow only HTTP1.1, the both APIs requests behaved as expected. Thanks

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.