Burp Suite User Forum

Unexpected behaviour of the audited application when using Vaadin

Anthony | Last updated: Jul 15, 2022 02:34PM UTC

I have tried to use several browsers to audit the platform but I always run into the same problem. In case the browser proxy is configured to work with Burp, the application does not behave as expected. For example, for the connection request, the application does not generate an error and then it returns to the connection page. For other requests in general, the behaviour is the same: the request is made, the loading is done and then the application sends me back to the state before the request, as if no action had been taken. The platform uses Vaadin and I think that the problem may come from this framework. Do you have any idea where the problem is coming from?

Hannah, PortSwigger Agent | Last updated: Jul 18, 2022 09:45AM UTC

Hi, are you trying to proxy traffic through Burp using a browser, or are you using Burp to scan your site? Are your requests using HTTP/1.1 or HTTP/2?

Anthony | Last updated: Jul 19, 2022 07:53AM UTC

Hi, I'm running traffic through Burp using a browser and the requests use HTTP/1.1.

Hannah, PortSwigger Agent | Last updated: Jul 19, 2022 02:47PM UTC

Thanks for that information! If you check the Logger tab, can you see the outgoing request from Burp? If you send a request to the site from Repeater (you can "Right-click > Paste URL as request" as a quick way to generate a Repeater request), does the server return an appropriate response?

Anthony | Last updated: Jul 25, 2022 01:33PM UTC

I can see the outgoing requests in the logger. The login request usually sends several requests with username and password separately.

Hannah, PortSwigger Agent | Last updated: Jul 26, 2022 07:56AM UTC

If you open developer tools in your browser, open the console tab and go through your login process again, do you receive any error messages in your console? Would it be possible for you to drop us an email with some screenshots or a screen recording of your issue at support@portswigger.net?
