Burp Suite User Forum

handling noscript

Filip | Last updated: May 18, 2016 09:35AM UTC

Hi, I've come across an application that adds the following to all responses:

<noscript> <meta http-equiv="refresh" content="2;url=/somepath/no_script.jsp"> </noscript>

This has as a result that all responses which are not viewed in a browser get redirected to an error page which states that I need a JavaScript-enabled browser. If I use the scanner or repeater, I always get redirected. If I disable redirects, valid redirects will get disabled as well. Please advise what the best way to proceed is.

Thanks,
Filip

PortSwigger Agent | Last updated: May 19, 2016 07:37AM UTC

Thanks for this - it sounds like an unusual situation. One solution would be to create a quick extension that modifies all incoming responses to get rid of the META tag. You could register an IHttpListener, look in response messages for the string being used to do the refresh, and replace it with spaces.
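
Added example, not part of the original thread and not PortSwigger's code: one way to write the extension described in the reply above, for Burp's legacy Extender API under Jython. The regex, the function name blank_meta_refresh, the extension name and the constructed SAMPLE response are assumptions; the stand-in classes exist only so the replacement logic can be run outside Burp.

```python
import re

try:  # inside Burp (Jython 2.7) the real interfaces are importable
    from burp import IBurpExtender, IHttpListener
except ImportError:  # outside Burp: stand-ins so the logic below can be tested
    class IBurpExtender(object):
        pass

    class IHttpListener(object):
        pass

# A <noscript> block whose only content is a meta refresh, as in the post above.
NOSCRIPT_REFRESH = re.compile(
    r"<noscript>\s*<meta\s+http-equiv\s*=\s*[\"']?refresh[\"']?[^>]*>\s*</noscript>",
    re.IGNORECASE)

# Constructed sample response, for illustration only.
SAMPLE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
          '<html><noscript> <meta http-equiv="refresh" '
          'content="2;url=/somepath/no_script.jsp"> </noscript>'
          "<body>ok</body></html>")


def blank_meta_refresh(text):
    """Overwrite each matching block with the same number of spaces, so the
    body length (and therefore Content-Length) stays unchanged."""
    return NOSCRIPT_REFRESH.sub(lambda m: " " * len(m.group(0)), text)


class BurpExtender(IBurpExtender, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Blank noscript meta refresh")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        # Invoked for every Burp tool (Scanner, Repeater, ...), not only Proxy.
        if messageIsRequest:
            return
        response = messageInfo.getResponse()
        if response is None:
            return
        text = self._helpers.bytesToString(response)
        cleaned = blank_meta_refresh(text)
        if cleaned != text:
            messageInfo.setResponse(self._helpers.stringToBytes(cleaned))
```

A noscript block that contains anything other than the meta refresh is left untouched, so legitimate fallback content still reaches the tools.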

Burp User | Last updated: May 19, 2016 11:49AM UTC

Yes, the noscript thing is a clever little trick. Maybe an idea for an upcoming release: add an option to the modification of request/response to not only do it in the proxy but in a specific tool (scanner, repeater, intruder) or in all of them? Thanks for your response.

PortSwigger Agent | Last updated: May 19, 2016 12:50PM UTC

No problem - we'll certainly provide this kind of capability if it proves to be useful to enough people. Of course, if you don't want to write an extension, another solution would be to chain another instance of Burp as upstream proxy, and use the Proxy match/replace rules in the upstream instance to remove the redirection.

Burp User | Last updated: Sep 17, 2019 05:48AM UTC

<META NAME="ROBOTS"> must be given or not? Using Burp Suite. Kindly reply to me.

Mike, PortSwigger Agent | Last updated: Sep 17, 2019 10:08AM UTC

Hi Yazhini, can you provide some more context around your query?