Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

CONNECT request for plaintext resource fails

Brandon Perry Feb 28, 2017 04:41PM UTC

Hi,

While testing Metasploit modules during module development, I will often try to pass the HTTP requests Metasploit is making through burp. However, when Metasploit is interacting with a plaintext resource (no SSL), then proxying through burp doesn't work. Only proxying data through burpsuite to an SSL-enable port will allow me to successfully proxy the data.

I have determined that this is caused by Metasploit sending a CONNECT HTTP request (usually designated for SSL-enabled servers) even for port 80 plaintext HTTP servers. This isn't a bad thing, as the HTTP specification says that a CONNECT request MAY be sent before initiating any more plaintext HTTP requests. It isn't necessary that the server use SSL.

I believe this is a bug in Burp Suite. It seems to assume that CONNECT is intended for SSL, but that isn't necessarily the case, per the HTTP specification. Because of this, proxying plaintext HTTP requests through Burp doesn't work, only SSL-enabled HTTP requests.

Let me know if you have any questions or if this doesn't make sense.

Thanks!


Brandon Perry Feb 28, 2017 04:49PM UTC
I should rephrase one of my sentences.

Because of this, proxying plaintext HTTP requests from Metasploit through Burp doesn't work, only SSL-enabled HTTP requests.

Dafydd Stuttard Mar 01, 2017 02:45PM UTC Support Center agent

Thanks for this report. We agree that supporting this situation would be ideal, however this is non-trivial to implement in the Proxy request handling logic, and we’re inclined not to do it since browsers and other user agents don’t behave in this way.

Instead of configuring Metasploit to use Burp as its proxy, have you tried using invisibly proxying? This way, Metasploit will send regular non-proxy requests to Burp, and it should handle them correctly.

https://portswigger.net/burp/help/proxy_options_invisible.html


Post Your public answer

Your name
Your email address
Answer