floyd | Last updated: Mar 08, 2016 01:04PM UTC

Using burpsuite_pro_v1.6.39.jar (but had the problem in previous versions too).

Burp Extender plugins: Active Scan++, Error Message Checks, Java Deserialization Scanner, Software Version Reporter, Heartbleed

I lately get a lot of the following kind of URLs in the site map tab:

http://example.com
http://example.com:443
https://example.com

While the first and the last entry make sense and are correct, the second entry doesn't. SSL is configured on port 443 and therefore it is impossible that plaintext HTTP is talked on that port. However, Burp claims it even gets valid responses from the server (200 and 500 in my case). Obviously I will not get a response when I try to repeat any of the requests in the Repeater tabs and send plaintext HTTP to port 443.

This is not the first time I get this. I'm not sure under which circumstances this is happening; however, I often use content discovery from the engagement tools and active scan... I'm also using Burp Extender with a couple of plugins. Is it possible that one of the plugins is causing this?

PortSwigger Agent | Last updated: Mar 10, 2016 10:35AM UTC

There are two possible explanations:

1. The site actually contains some invalid links to http://example:443
2. An extension is wrongly adding these items to the site map, by specifying port 443 but not HTTPS.

Since you said the site map contains actual responses for the relevant items, this strongly points towards explanation 2. We would suggest removing all extensions and seeing if the problem recurs.
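As an added illustration of explanation 2 (this is not code from Burp Suite or from any of the extensions listed in the question, and the class and method names are hypothetical): a minimal extension against Burp's legacy Extender API that obtains a genuine response over HTTPS and then files it in the site map under a service built as (host, 443, plaintext). That is exactly the shape of entry the question describes: http://host:443 with a real 200 or 500 attached. The corrected method carries the original protocol across, and the small guard at the end is a check an extension author can run before every addToSiteMap() call.

```java
package burp;

// Added example (not from any extension named on this page): how an extension
// produces "http://host:443" site-map entries, and the corrected form.
public class BurpExtender implements IBurpExtender {
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Site map protocol demo (hypothetical)");
    }

    // BUGGY: the probe is sent over the original (HTTPS) service, so a valid
    // response comes back. The copy recorded in the site map is then tagged
    // with a service built as (host, port, useHttps=false). Burp files it
    // under http://host:443 with the HTTPS response attached, and replaying
    // it from Repeater sends plaintext HTTP to 443 and gets nothing back.
    public void recordBuggy(IHttpRequestResponse original) {
        IHttpService svc = original.getHttpService();
        IHttpRequestResponse probe =
                callbacks.makeHttpRequest(svc, original.getRequest());
        IHttpService mislabelled =
                helpers.buildHttpService(svc.getHost(), svc.getPort(), false);
        probe.setHttpService(mislabelled);
        callbacks.addToSiteMap(probe);
    }

    // FIXED: rebuild the service with the original protocol string
    // ("http" or "https"), or simply keep the service makeHttpRequest()
    // already attached to the probe.
    public void recordFixed(IHttpRequestResponse original) {
        IHttpService svc = original.getHttpService();
        IHttpRequestResponse probe =
                callbacks.makeHttpRequest(svc, original.getRequest());
        IHttpService relabelled = helpers.buildHttpService(
                svc.getHost(), svc.getPort(), svc.getProtocol());
        if (looksMislabelled(relabelled)) {
            callbacks.printError("refusing to record mislabelled service: "
                    + relabelled.getProtocol() + "://" + relabelled.getHost()
                    + ":" + relabelled.getPort());
            return;
        }
        probe.setHttpService(relabelled);
        callbacks.addToSiteMap(probe);
    }

    // Guard for extension authors: plaintext on 443 or TLS on 80 is almost
    // always a labelling mistake rather than a real service.
    static boolean looksMislabelled(IHttpService svc) {
        boolean https = "https".equalsIgnoreCase(svc.getProtocol());
        return (svc.getPort() == 443 && !https) || (svc.getPort() == 80 && https);
    }
}
```

The same mismatch is easy to spot from the user side: an http://host:443 entry that carries a response cannot have been fetched as shown, so whatever put it there constructed the service itself rather than recording what was actually sent. Disabling extensions one at a time and watching whether new entries of that form appear is the quickest way to attribute it.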

