Burp Suite User Forum

WebSocket functionality is not working properly

zi0Balck | Last updated: Mar 19, 2020 03:57PM UTC

I'm trying to use burp as a reversproxy between an Electron client application and a remote server but apparently the communication once initialized seems to send malformed packages to the client that after a few moments ends the connection with an error. I analyzed the traffic with Wireshark and the communication is without problems when burp doesn't manage the requests, but anyway wireshark reports some Websocket opcode as unknown. After having done some tests with Charlse Proxy I think I've come to the conclusion that the problem could reside in the size of the payload that client and server exchange, leading to divide the single payload on more TCP packets. Requests: GET ws://[redacted]/?reconnectionToken=[redacted] HTTP/1.1 Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: ahGF4QKfSU2yrn0Ii7pkJQ== HTTP/1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade Sec-WebSocket-Accept: pjNeo3JuQH71CC0JqT0Pt9zVPos= Example of a websocket history entry (definitely malformed): 8aQL3cvL30E=","desiredConnectionType":1} If necessary I will try to provide more information, I look forward to your feedback.

Liam, PortSwigger Agent | Last updated: Mar 24, 2020 02:48PM UTC

As you've redacted sections of the request, we're presuming this site isn't publicly available to test? We'll investigate this issue and get back to you when we have something to share.

Liam, PortSwigger Agent | Last updated: Mar 24, 2020 06:12PM UTC

Additionally, would you be able to provide us with the following? - Your Burp Diagnostics (from the Help menu) - Some details about the 'Electron client application' - The exported PCAP file from your Wireshark monitoring

You need to Log in to post a reply. Or register here, for free.