Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Scanner Timed Out but Repeater Succeeds

Tim | Last updated: Nov 11, 2020 04:09PM UTC

I'm performing a scan of a specific page of an ASP.Net web application. From Logger++ I can see every request to the site and in the Comment column it states "Timed Out" and Status states "-1". But, if I take that request to Repeater, the request functions successfully, and Logger++ lists that Repeater request with Status of 100. What are the possible reasons for this?

Uthman, PortSwigger Agent | Last updated: Nov 11, 2020 04:23PM UTC

Hi Tim, Do all requests after the first timed out request also time out? If so, is there any pattern in the failing requests? Is there any rate-limiting on the server or a WAF that initially blocked the request? Can you consistently replicate this if you scan the application again? Which version of Burp are you using?

Tim | Last updated: Nov 11, 2020 05:25PM UTC

1) Not all requests report time out, most do however. None of the Scanner requests ever check the Complete box and All of them have a "-1" value in Status. 2) I can see no patterns. The only distinguishable item is that I can use the repeater for a Scanner request and it succeeds. 3) There is no rate-limiting nor WAF on the system. This is a development environment and all of those controls have been turned off for ease of development purposes. 4) Yes, I can consistently replicate this. 5) Burp Suite Professional v2020.11 Trial User License. I am evaluating this product in order to mitigate findings discovered by HCLs AppScan product. I don't have access to AppScan so I was hoping to purchase Burp Suite, mitigate items, perform a scan, rinse and repeat.

Uthman, PortSwigger Agent | Last updated: Nov 12, 2020 09:26AM UTC

Thanks a lot for that information, Tim. If you could send us an email with the information below, that would be great. We will have a discussion with our development team. - Screenshots of the request timeout errors in the scan task (View details > Audit items) - Screenshots of Logger++ (or a CSV of the output) showing the requests that time out - Diagnostics taken when this issue appears (Help > Diagnostics)

Tim | Last updated: Nov 13, 2020 02:40AM UTC

Email sent to support@portswigger.net on 12-Nov-2020 at 19:35hrs MT with subject Scanner Timed Out but Repeater Succeeds. Let me if you do or do not receive it.

Uthman, PortSwigger Agent | Last updated: Nov 13, 2020 09:52AM UTC

Thanks, Tim. We have received your email.

Tim | Last updated: Nov 20, 2020 02:13AM UTC

Just checking in on this issue. Do you need anything else from me?

Uthman, PortSwigger Agent | Last updated: Nov 20, 2020 09:03AM UTC

Hi Tim, I replied to your email on 13/11. I have just resent the reply. Can you please double-check your junk/spam folder too?

Tim | Last updated: Nov 24, 2020 01:45AM UTC

I don't have an email from you. I've checked my spam/junk and nothing.

Uthman, PortSwigger Agent | Last updated: Nov 24, 2020 10:28AM UTC

Hi Tim, have you checked your Gmail account too? Your original message was sent from a Gmail account and my reply is below: Can you please share a screenshot of a request working in the repeater but not when sent by the scanner? If you have any issues, can you please send a new email?

Gim | Last updated: Feb 10, 2022 01:25PM UTC

Hi Uthman, Just wanted to know if you have found any issues on the machine or the cause of the issue that was raised here. I have experienced it now and would like to find out if the fix done on his end could be done on mine.

Ben, PortSwigger Agent | Last updated: Feb 11, 2022 10:07AM UTC

Hi, Just to clarify, you have the exact same issue as the original poster in this thread in that you are seeing requests made by the Burp Scanner time out but when you manually issue these requests via Repeater they are issued successfully and elicit a response?

Carson | Last updated: Apr 13, 2022 06:52PM UTC

Hi all, I am experiencing a similar or the same issue. I am able to send a request in Repeater and receive the response in Repeater, but the response is not received in Logger or Logger++; they are listed with a -1 "Timed Out" Status. This is the case with requests made by Scanner as well, which is preventing me from performing a scan. I am available to provide more information to help resolve this issue.

Ben, PortSwigger Agent | Last updated: Apr 14, 2022 09:19AM UTC