Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Web application using Microsoft SignalR/5.0 fails to load through Burp

GarlicCheese | Last updated: Sep 21, 2021 06:18AM UTC

I'm facing a web application using Microsoft SignalR/5.0, which fails to load correctly via Burp (Professional, v2021.8.3). If I use no proxy or a Squid proxy with the browser, the application loads just fine. It appears as if the XMLHttpRequests from "X-Signalr-User-Agent: Microsoft SignalR/5.0" are delayed which renders the handshake invalid and therefore prevents the application from loading correctly. Unfortunately I can't share many details due to an NDA. I've tested the behavior via HTTP and HTTPS, with HTTP/2 and 1.1 no differences. What could cause this issue and how can I resolve this?

GarlicCheese | Last updated: Sep 21, 2021 06:41AM UTC

The same behavior is observable with mitmproxy or when using the integrated Chromium from Burp.

GarlicCheese | Last updated: Sep 21, 2021 06:41AM UTC

The same behavior is observable with mitmproxy or when using the integrated Chromium from Burp.

Liam, PortSwigger Agent | Last updated: Sep 21, 2021 12:45PM UTC

Hi GarllicCheese SignalR looks like it uses server-sent events. I have just checked our development backlog and it looks like the Connection header is still set to automatically close once a response is received. I will add your ticket to our internal one and let you know when this feature is released. Unfortunately, I cannot provide an ETA.

GarlicCheese | Last updated: Sep 21, 2021 07:17PM UTC

I've also traced back the issue to Server-Sent events. Thank you for the feedback.

lewis | Last updated: Aug 31, 2022 07:05AM UTC

Hey Liam, was this still in the backlog?

Liam, PortSwigger Agent | Last updated: Aug 31, 2022 09:21AM UTC

Hi Lewis, we made some changes that we hoped would alleviate this issue. If you're encountering a similar issue on a public-facing application, could you provide us with a URL to help us investigate?

lewis | Last updated: Sep 01, 2022 03:35AM UTC

Thanks Liam, I skipped the most obvious way to see if it was fixed and posted here before upgrading to the latest version (was using a 2021 build). Actually seems to mostly be working now, cheers.

Liam, PortSwigger Agent | Last updated: Sep 01, 2022 10:10AM UTC

Thanks for letting us know, Lewis.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.