Burp Suite User Forum


Provide option to pass unaltered response back to client

Ian | Last updated: May 07, 2015 02:17PM UTC

Recently we conducted an application assessment for an Android application. The application communicated using gzip / deflate content encoding. Burp Suite was initially configured to unpack gzip/deflate encoded traffic via proxy options. This allowed us to see the server responses in the Target tab. However, it was evident that Burp was passing the unpacked version of the response back to the client. Since the client was not a web browser but rather a mobile app, the app did not know how to handle the unpacked version of the response. We could get the app to work if we deselected "unpack gzip / deflate in responses", but then we would only see the compressed content in the Target tab, which made it difficult to conduct other activities like using Intruder / Repeater / Scanner on the response data. It'd be nice to have an option to tell the proxy to unpack gzip / deflate in responses (and requests) for display purposes but to pass the original unaltered request or response on to the client or server.

PortSwigger Agent | Last updated: May 07, 2015 03:16PM UTC

Thanks for this request and apologies for the slow update. We've got a pending feature request to make Burp's message editor natively handle compressed content, and automatically decompress these for viewing/editing, and then recompress them after any changes. We can't currently promise an ETA for this feature, sorry. However, it would be possible to implement this yourself with a custom editor tab extension, along the lines of: http://blog.portswigger.net/2012/12/sample-burp-suite-extension-custom_17.html

Burp User | Last updated: Jun 28, 2015 12:04AM UTC

I'll second this - I'm now on my third mobile app that uses gzip and will only accept compressed responses.

Burp User | Last updated: Jun 29, 2015 10:11AM UTC

This is what I am using to transparently unzip and zip the response in an editor tab. It doesn't deal with deflate and the header it responds to may be too specific for some. http://pastebin.com/2JFUBxqb
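The decode-for-display / re-encode-on-edit behaviour that the PortSwigger reply and the pastebin post above describe, written out as an added Python example. This is not the forum user's pastebin extension and not PortSwigger code: it uses only the standard library and works on a raw HTTP response byte string instead of the Burp Extender API, so the message-splitting, `view_body` and `rebuild_response` functions are this example's own names. Unlike the pastebin extension it also handles `deflate`, both the zlib-wrapped form RFC 7230 specifies and the raw DEFLATE stream some servers send. The sample response it builds is constructed here, not captured from any real app.

```python
"""Transparent gzip/deflate view of an HTTP response (added example).

Decode the body for display, then re-encode an edited body with the
original Content-Encoding and fix Content-Length, so the client still
receives the compressed form it expects.
"""
import gzip
import zlib

CRLF = b"\r\n"


def split_response(raw: bytes):
    """Split a raw response into (status_line, [(name, value), ...], body).

    Header order is preserved so the message can be rebuilt unchanged
    apart from the fields this example deliberately rewrites.
    """
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("no end-of-headers marker found")
    lines = head.split(CRLF)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def get_header(headers, name: bytes):
    """Case-insensitive header lookup; returns None when absent."""
    for h_name, h_value in headers:
        if h_name.lower() == name.lower():
            return h_value
    return None


def decode_body(body: bytes, encoding) -> bytes:
    """Inverse of the Content-Encoding applied by the server."""
    enc = (encoding or b"identity").strip().lower()
    if enc in (b"gzip", b"x-gzip"):
        return gzip.decompress(body)
    if enc == b"deflate":
        # "deflate" should be zlib-wrapped, but raw DEFLATE is seen in the
        # wild; try the wrapped form first and fall back to a raw stream.
        try:
            return zlib.decompress(body)
        except zlib.error:
            return zlib.decompress(body, -zlib.MAX_WBITS)
    if enc == b"identity":
        return body
    raise ValueError("unsupported Content-Encoding: %r" % enc)


def encode_body(body: bytes, encoding) -> bytes:
    """Re-apply the Content-Encoding so the client sees what it asked for."""
    enc = (encoding or b"identity").strip().lower()
    if enc in (b"gzip", b"x-gzip"):
        return gzip.compress(body)
    if enc == b"deflate":
        return zlib.compress(body)  # zlib-wrapped, as RFC 7230 specifies
    if enc == b"identity":
        return body
    raise ValueError("unsupported Content-Encoding: %r" % enc)


def view_body(raw: bytes) -> bytes:
    """What the editor tab would show: the decoded body."""
    _, headers, body = split_response(raw)
    if get_header(headers, b"Transfer-Encoding") is not None:
        # Chunked bodies must be de-chunked before decoding; out of scope here.
        raise ValueError("de-chunk the body before decoding it")
    return decode_body(body, get_header(headers, b"Content-Encoding"))


def rebuild_response(raw: bytes, edited_body: bytes) -> bytes:
    """Re-encode an edited plaintext body and correct Content-Length."""
    status_line, headers, _ = split_response(raw)
    new_body = encode_body(edited_body, get_header(headers, b"Content-Encoding"))
    out = [status_line]
    for name, value in headers:
        if name.lower() == b"content-length":
            value = str(len(new_body)).encode()
        out.append(name + b": " + value)
    return CRLF.join(out) + CRLF + CRLF + new_body


def raw_deflate(data: bytes) -> bytes:
    """Raw DEFLATE stream (no zlib header), as some servers emit it."""
    co = zlib.compressobj(wbits=-zlib.MAX_WBITS)
    return co.compress(data) + co.flush()


def make_sample(encoding: bytes, body: bytes, compressed=None) -> bytes:
    """Constructed sample response; pass `compressed` to supply the body bytes."""
    comp = encode_body(body, encoding) if compressed is None else compressed
    return (b"HTTP/1.1 200 OK" + CRLF
            + b"Content-Type: application/json" + CRLF
            + b"Content-Encoding: " + encoding + CRLF
            + b"Content-Length: " + str(len(comp)).encode() + CRLF
            + CRLF + comp)


if __name__ == "__main__":
    original = make_sample(b"gzip", b'{"premium": false}')
    print(view_body(original))                       # decoded for display
    edited = rebuild_response(original, b'{"premium": true}')
    print(view_body(edited), split_response(edited)[1])
```

A Burp editor tab would call the equivalent of `view_body` in its `setMessage` handler and `rebuild_response` in `getMessage`, leaving the proxy's own "unpack gzip / deflate" option off so the client keeps receiving compressed bytes.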
