-
-
Notifications
You must be signed in to change notification settings - Fork 508
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Burp option not working with HTTPS #1180
Comments
@thibon Did you add burp's cert to your systems cert store? HTTPS doesn't allow MITM interceptions - you have to enable trust. I would first try to check if this works: export HTTP_PROXY=http://127.0.0.1:8080
export HTTPS_PROXY=http://127.0.0.1:8080
curl https://target |
Hi, thanks for your answer but this test works, and burp cert is in my cert store. |
@thibon can you elaborate on the first request? is it the request to github.com that checks for updates? or is it a request to the actual target? If so, can you post the server response to that first request? additionally, a pcap of the conversation might shed some light on things as well. |
Also, the --replay-proxy option waits until you get a response from the server that wasn't filtered out, and then passes it to burp. It's just a convenience option to only send interesting things to burp for further analysis, instead of sending all the 404s et al and cluttering up the history |
just for the record, i'm able to run i looked through the replay proxy code vs the proxy code and i don't see any obvious differences that would lead to one working adn the other not. |
Hi, Let's forget about --replay-proxy option, it's not related to the problem and I didn't fully understood this option at first
Traffic is HTTPS so it's a bit hard to provide an deciphered pcap However, digging in with your example, it works pretty well with some targets like https://bitdiscovery.com or https://google.com, but not with others like https://dma.gp or https://www.groupe-paralliance.fr It looks like it is because the two other targets don't support HTTP/2 and when feroxbuster sends the second request, it's using HTTP/2.0 regarding of the response of the server to the first request (if the server respond with HTTP/1.1 for example). I was able to have it work by forcing burp to use HTTP/1 in the proxy options because I couldn't find an option to tell feroxbuster to use HTTP/1.1, and it didn't follow server instructions |
thanks for the targets that exhibit the behavior! regarding the pcap, i actually was interested in the tls conversation, since we can see the http stuff in burp. for so, i then added
I get the same results for the other site provided
So, at this point, we can say for certain that feroxbuster can handle talking to the sites directly. When we add I don't have the time right this minute to setup certs to see how burp handles its side of the conversation on the wire, but it appears to be a burp problem, or at worst a ferox problem realted to how it interacts with burp in certain configurations. I'm also curious if we use zap or another intercepting proxy, what the behavior looks like. |
small update: using ZAP as the intercepting proxy also works fine. it seems to be a burp issue |
I can confirm, did the test too. |
Describe the bug
When using '--burp' option or '--proxy http://localhost:8080' with an url in HTTPS, I get the following error:
However, looks like it's working with '--replay-prox' option. Note that I'm not sure to understand the difference between the two based on the documentation
I'm using feroxbuster 2.10.4
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Normal request going through the proxy
Traceback / Error Output
Environment (please complete the following information):
Additional context
No additional context, it was working well in the past, did many test without any problem but can't find the cause here
The text was updated successfully, but these errors were encountered: