Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

You’ve been blocked for security reasons cloudflare

Ashhad | Last updated: Jul 06, 2022 11:29AM UTC

when i on burp suite using FOXY PROXY exxtension and reload the website this error is show You’ve been blocked for security reasons If you believe this is a mistake, please contact the website owner and include the request ID number from this page. i think website use cloudflare. when i turn off the burp proxy and reload the page its working fine. I happen first time other website is working fine when i On the burp proxy. how i solve this issue?

Ben, PortSwigger Agent | Last updated: Jul 07, 2022 09:17AM UTC

Hi Ashhad, We are aware that Cloudflare is implementing some measures to fingerprint and detect the use of proxies to intercept HTTPS traffic (There is some information about this here if you are interested - https://blog.cloudflare.com/monsters-in-the-middleboxes). Unfortunately, if this is the case in your scenario, there is no simple way to get round this in the short term and also no easy fix for us to implement as a long term solution. Is this a public facing site that we could take a look at ourselves in order to try and confirm that this is the issue (if you would prefer to share details of the privately please feel to send us an email at support@portswigger.net)?

Mopam | Last updated: Oct 17, 2022 10:33AM UTC

I have this problem on both CF and Akamai, I managed to bypass it through an abyss of trial and error (and I'm not even sure how I did it), but please if you guys can fix it, I'm bumping the thread.

Ben, PortSwigger Agent | Last updated: Oct 18, 2022 09:12AM UTC

Hi Mopam, As alluded to in the earlier message, this is not something that we are looking to address. Our reasoning being that, even if we were able to make changes to circumvent detection, Cloudflare (and others) would quickly catch up and we will end up chasing what is essentially a moving target indefinitely.

EasySolution | Last updated: Nov 10, 2022 06:34PM UTC

I solved this issue. when all proxy settings are ok then just go to "match and replace section" and select on "header request" -> useragent** - emulate iOS (iphone) or android (whatever). it will work simply fine ! Have a nice day, All credits goes to PortSwigger for making such a great tool.

Dan | Last updated: Nov 19, 2022 04:58PM UTC

Hello everyone! The emulate IOS user agent seemed to work for a while, but at some point, that didn't work anymore for me. Any other ideas on how to bypass this? Are there any plans for Burp to handle this problem soon? Zap proxy has this solved, but since the proxy doesn't have HTTP/2 support, that's not a good option either.

Ben, PortSwigger Agent | Last updated: Nov 21, 2022 12:08PM UTC