The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

Web application using Microsoft SignalR/5.0 fails to load through Burp

GarlicCheese | Last updated: Sep 21, 2021 06:18AM UTC

I'm facing a web application using Microsoft SignalR/5.0, which fails to load correctly via Burp (Professional, v2021.8.3). If I use no proxy or a Squid proxy with the browser, the application loads just fine. It appears as if the XMLHttpRequests from "X-Signalr-User-Agent: Microsoft SignalR/5.0" are delayed, which renders the handshake invalid and therefore prevents the application from loading correctly. Unfortunately I can't share many details due to an NDA. I've tested the behavior via HTTP and HTTPS, with HTTP/2 and 1.1; no differences. What could cause this issue and how can I resolve this?

GarlicCheese | Last updated: Sep 21, 2021 06:41AM UTC

The same behavior is observable with mitmproxy or when using the integrated Chromium from Burp.

Liam, PortSwigger Agent | Last updated: Sep 21, 2021 12:45PM UTC

Hi GarlicCheese,

SignalR looks like it uses server-sent events. I have just checked our development backlog and it looks like the Connection header is still set to automatically close once a response is received. I will add your ticket to our internal one and let you know when this feature is released. Unfortunately, I cannot provide an ETA.

GarlicCheese | Last updated: Sep 21, 2021 07:17PM UTC

I've also traced back the issue to Server-Sent events. Thank you for the feedback.
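An added example, not part of the thread and not Burp's code: a loopback-only measurement of how long the first server-sent event takes to reach a client through a relay that forwards chunks as they arrive versus one that holds the response until the upstream closes. The origin, the relay, the `hold_until_close` switch and the timings are hypothetical constructs used to model the delay reported above.

```python
import socket, threading, time

GAP, EVENTS = 0.4, 3  # constructed: seconds after each event, events per stream

def origin(srv):  # hypothetical SSE origin: headers at once, then timed events
    conn, _ = srv.accept()
    conn.recv(4096)
    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: text/event-stream\r\n\r\n")
    for i in range(EVENTS):
        conn.sendall(b"data: msg %d\n\n" % i)
        time.sleep(GAP)
    conn.close()

def relay(srv, upstream_port, hold_until_close):  # hypothetical intercepting relay
    client, _ = srv.accept()
    up = socket.create_connection(("127.0.0.1", upstream_port))
    up.sendall(client.recv(4096))
    held = b""
    while chunk := up.recv(4096):
        if hold_until_close:
            held += chunk           # nothing reaches the client yet
        else:
            client.sendall(chunk)   # forward each chunk as it arrives
    client.sendall(held)            # empty in streaming mode
    client.close()
    up.close()

def first_event_latency(hold_until_close):
    """Seconds from sending the request to receiving the first complete event."""
    o, r = (socket.create_server(("127.0.0.1", 0)) for _ in range(2))
    threading.Thread(target=origin, args=(o,), daemon=True).start()
    threading.Thread(target=relay, args=(r, o.getsockname()[1], hold_until_close), daemon=True).start()
    c = socket.create_connection(("127.0.0.1", r.getsockname()[1]))
    start = time.monotonic()
    c.sendall(b"GET /events HTTP/1.1\r\nHost: localhost\r\n\r\n")
    seen, first = b"", None
    while chunk := c.recv(4096):    # read to end of stream, timing the first event
        seen += chunk
        if first is None and b"data: msg 0\n\n" in seen:
            first = time.monotonic() - start
    for s in (c, o, r):
        s.close()
    return first

if __name__ == "__main__":
    print("streaming relay: %.2fs" % first_event_latency(False))
    print("holding relay:   %.2fs" % first_event_latency(True))
```

With the holding relay the first event only arrives after the whole stream has ended, which is the kind of delay that lets a client-side handshake timer expire.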

lewis | Last updated: Aug 31, 2022 07:05AM UTC

Hey Liam, was this still in the backlog?

Liam, PortSwigger Agent | Last updated: Aug 31, 2022 09:21AM UTC

Hi Lewis, we made some changes that we hoped would alleviate this issue. If you're encountering a similar issue on a public-facing application, could you provide us with a URL to help us investigate?

lewis | Last updated: Sep 01, 2022 03:35AM UTC

Thanks Liam, I skipped the most obvious way to see if it was fixed and posted here before upgrading to the latest version (was using a 2021 build). Actually seems to mostly be working now, cheers.

Liam, PortSwigger Agent | Last updated: Sep 01, 2022 10:10AM UTC