Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How do I make Burp follow redirects (302)

Burp User | Last updated: Aug 21, 2017 02:39PM UTC

Hi all, I currently try to scan an application with the scanner, but for some reasong Burp Scanner is not following the sent redirects. The response looks e.g., like this: HTTP/1.1 302 Found Date: Mon, 21 Aug 2017 14:24:36 GMT Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Length: 0 Location: https://my.company.com/Management/administration?execution=e1s3 Connection: close Content-Type: text/plain Of course on this "redirect" page no issues are found by the scanner but the actual site has some issues that should be found. The "Follow redirections where necessary" feature is enabled. Thank you !

Liam, PortSwigger Agent | Last updated: Aug 22, 2017 09:22AM UTC

Hi Silvio Thanks for your message. Which issues does the site have that should be found? It may be that Burp Scanner does not check for these issues after following a redirection. Are the redirected issues configured as part of your target scope? Have you used the Logger++ extension to check whether Burp is following the redirects?

Liam, PortSwigger Agent | Last updated: Aug 22, 2017 10:51AM UTC

Chris, could you explain your issue in a little more depth? Burp is not following redirects?

Burp User | Last updated: Jan 01, 2019 09:45AM UTC

Hi, I am facing the same issue what is described by silvio. I am using logger++ but in logger++ also showing as 302. How to resolve the issue ?

Burp User | Last updated: Jan 29, 2019 10:29PM UTC

Hi, I am facing same issue.

Burp User | Last updated: Aug 26, 2019 07:02AM UTC

In some case, you can auto Follow redirection on Repeater/Intruder if you add X-Requested-With: XMLHttpRequest to request Headers. But can not use for all case. Thanks

Burp User | Last updated: Aug 26, 2019 07:36AM UTC

And you can configure Repeater: Repeater -> Follows redirections -> Always Thanks

Michelle, PortSwigger Agent | Last updated: Aug 27, 2019 09:45AM UTC

You can find options for redirections under Project Options -> HTTP, or if you are using Repeater, under the Repeater menu -> Follow redirections. If these aren't quite what you're looking for, could you tell us a bit more background on the steps you're taking and what you need Burp to do, please?

Burp User | Last updated: Dec 25, 2019 06:03AM UTC

my question is opposite of this :D how to block 302 redirects on burp suite? its not showing 302 on interception but it haves 302 redirect so how to block it?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.