Burp Suite User Forum


Incompatibility with AkamaiGHost

floyd | Last updated: Jul 05, 2017 03:30PM UTC

I nearly opened a bug report a couple of months ago because I had this happening to me a few times for different web sites. However, as I didn't know the root cause I didn't report it at that time. If you got a lot of strange "Burp doesn't work!" support questions, this might be one explanation. I know this might be a problem of Akamai rather than Burp, but I want you to confirm that first.

Symptom: Happens with different websites, but I noticed this time with https://www.zomato.com/ which is a company that has a bug bounty program on HackerOne. When I connect without Burp Proxy, Firefox works fine. When I have the connection tunneled through Burp, the connection times out/I can't connect. Burp will show the request, but times out and never receives a server response.

Analysis: To simplify, the same problem exists without TLS, so I tried with http://www.zomato.com/ and the same symptoms occur, we don't get an HTTP response. So if you want to test the following requests in Burp Repeater, use http://www.zomato.com/ as "Target" aka "HTTPService" for the TCP connection.

Checking in Wireshark, when my Firefox connects directly without Burp it sends (including two newlines at the end of the request, don't forget those when testing in Burp Repeater!):

    GET / HTTP/1.1
    Host: www.zomato.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:54.0) Gecko/20100101 Firefox/54.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1

It also gets the response just fine from the AkamaiGHost server:

    HTTP/1.1 301 Moved Permanently
    Server: AkamaiGHost
    Content-Length: 0
    Location: https://www.zomato.com/
    Date: Wed, 05 Jul 2017 15:20:03 GMT
    Connection: keep-alive
    Cache-Control: max-age=0, no-cache, no-store, no-transform
    Vary: Accept-Encoding, User-Agent
    Strict-Transport-Security: max-age=31536000

But through Burp, Burp will send:

    GET / HTTP/1.1
    Host: www.zomato.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:54.0) Gecko/20100101 Firefox/54.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: close
    Upgrade-Insecure-Requests: 1

And then doesn't receive a response. The Accept-Encoding and Connection headers do seem to matter.

Analysis result (you can try in Burp Repeater):

1. What Firefox does (works fine):

    Accept-Encoding: gzip, deflate
    Connection: keep-alive

2. A middle way (works fine):

    Accept-Encoding: gzip, deflate
    Connection: close

3. Another middle way (works fine):

    Connection: keep-alive

4. What Burp does (doesn't work and times out):

    Connection: close

So I conclude that Burp needs to send the keep-alive or Accept-Encoding header. Otherwise the connection will time out, which I can see in Wireshark and Burp Repeater. Now obviously you can also report this to Akamai if you think this is an Akamai thing. For now I don't have any other website at hand where this issue was present.

Another user of Burp just confirmed this issue to me. Can you confirm too? Is there a workaround for this?
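
Added example, not part of the original thread and not PortSwigger's code: a small probe that replays the four header combinations from the analysis above over raw sockets and records which ones get a status line and which time out. The local stub server is constructed and only mimics the behaviour the post reports (it is not Akamai's actual logic); the variant labels and the host name `stub.example` are placeholders.

```python
import socket
import threading

# The four header combinations from the post's analysis, in the same order.
VARIANTS = {
    "1-firefox": ["Accept-Encoding: gzip, deflate", "Connection: keep-alive"],
    "2-middle": ["Accept-Encoding: gzip, deflate", "Connection: close"],
    "3-middle": ["Connection: keep-alive"],
    "4-burp": ["Connection: close"],
}

def build_request(host, extra_headers):
    """Raw HTTP/1.1 GET, terminated by the blank line (two CRLFs)."""
    lines = ["GET / HTTP/1.1", f"Host: {host}", *extra_headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def probe(addr, request, timeout=1.0):
    """Send one request; return the status line, or None if nothing arrives."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(request)
        try:
            data = s.recv(4096)
        except socket.timeout:
            return None
    return data.split(b"\r\n", 1)[0].decode("ascii", "replace") or None

def start_stub():
    """Constructed local stand-in: answers only if Accept-Encoding or
    Connection: keep-alive is present, otherwise holds the socket silently."""
    srv = socket.create_server(("127.0.0.1", 0))
    held = []  # silent connections are kept open so the client times out
    def serve():
        while True:
            conn, _ = srv.accept()
            req = conn.recv(4096).lower()
            if b"accept-encoding:" in req or b"connection: keep-alive" in req:
                conn.sendall(b"HTTP/1.1 301 Moved Permanently\r\n"
                             b"Content-Length: 0\r\n\r\n")
                conn.close()
            else:
                held.append(conn)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def run_matrix(addr, host="stub.example"):
    """Probe every variant; map variant name -> status line or None."""
    return {n: probe(addr, build_request(host, h)) for n, h in VARIANTS.items()}

if __name__ == "__main__":
    for name, status in run_matrix(start_stub()).items():
        print(f"{name:10} {status or 'TIMEOUT'}")
```

To check a site you are testing through your own proxy setup, pass its `(host, port)` and `Host` value to `run_matrix` instead of the stub address.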

PortSwigger Agent | Last updated: Jul 06, 2017 07:26AM UTC

Thanks for reporting this, and the detailed analysis. I can confirm I'm seeing the same issue. As a quick workaround, go into Proxy > Options > Miscellaneous and uncheck "Set connection close on incoming requests". We'll have a discussion internally about whether we should contact Akamai or change Burp's default behavior. Please let us know if you need any further assistance.

Burp User | Last updated: Jul 06, 2017 08:57AM UTC

Thanks, that's all I needed for now. Let me know when you have a decision on this one.

PortSwigger Agent | Last updated: Jul 06, 2017 08:57AM UTC

Just to let you know we've fixed this issue in today's release (1.7.27). Thanks again for your feedback and please let us know if you run into any other problems.

Burp User | Last updated: Dec 02, 2019 01:25PM UTC

Hi, I faced the same issue while testing my web application using Burp Suite. We are not able to maintain a keep-alive connection while using Burp Suite. I have tried it on the latest version as well as 1.7.27, but it didn't work. Please suggest some way to overcome this issue.

Liam, PortSwigger Agent | Last updated: Dec 02, 2019 02:29PM UTC

Jatin, have you tried unchecking the option via Proxy > Options > Miscellaneous - "Set connection close on incoming requests"?

Burp User | Last updated: Dec 05, 2019 06:16AM UTC

Yes Liam, I already tried that but that didn't work for me.

Mike, PortSwigger Agent | Last updated: Dec 05, 2019 12:02PM UTC

Jatin, that option doesn't prevent Burp from closing the connection, but it does stop the Connection: close header from being added to the request. Burp Suite does this as it has significant performance and reliability improvements to close the connection.
