Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Content-Disposition: attachment downloads do not render

Reino Jul 22, 2019 05:35PM UTC

Hi,
image file (jpegs) downloaded with the response header Content-Disposition: attachment does not have a render tab in the new version of Burp. This means that you cannot see the images within Burp.

An example response that goes unrendered would be
HTTP/1.1 200 OK
Date: Mon, 22 Jul 2019 17:26:08 GMT
Server: Apache/2.4.39 (Unix)
X-Powered-By: PHP/7.2.19
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Description: File Transfer
Content-Disposition: attachment; filename="hover.jpg"
Content-Length: 15274
Connection: close
Content-Type: image/jpeg


Removing the Content-Disposition: attachment; response, or chaining it to inline causes the render tab to show again.

Could you have a look?

Regards


Liam Tai-Hogan Jul 24, 2019 02:23PM UTC Support Center agent

Reino, the example response you have given would result in the browser downloading and saving an attachment.

“In a regular HTTP response, the Content-Disposition response header is a header indicating if the content is expected to be displayed inline in the browser, that is, as a Web page or as part of a Web page, or as an attachment, that is downloaded and saved locally.”

- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition

This has been disabled for security reasons.


Post Your public answer

Your name
Your email address
Answer