curl 400 bad request

zobi Dec 05, 2018 03:05PM UTC

I want to connect to a website without a browser, with curl. I set up an HTTP proxy (Burp Community Edition) to see how my browser connects to this website. I clear all history (including cookies) and restart my browser. Here is what the proxy gives (as the HTTP request):

GET / HTTP/1.1
Host: xxx.xxxxxxxxx.xx
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close

So I translate this into curl within a file (let's call it curl.test):

curl -i -s -k --head -o curlOutput -X $'GET' \
-H $'Host: https://www.xxxxxxxxx.xx' \
-H $'User-Agent: Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0' \
-H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H $'Accept-Language: en-US,en;q=0.5' \
-H $'Accept-Encoding: gzip, deflate' \
-H $'DNT: 1' \
-H $'Connection: close' \
-H $'Upgrade-Insecure-Requests: 1'

I am not sure of the above syntax (for instance, for user-agent, I saw: --user-agent/-A from man, or -H 'User-Agent:...' over internet), so maybe my syntax is wrong although no error in the output.

chmod 755 curl.test and ./curl.test; here is what I get:

HTTP/1.1 400 Bad Request
Date: Wed, 05 Dec 2018 11:06:17 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Strict-Transport-Security: max-age=15768000
X-DataDome: protected
Set-Cookie: datadome=1TRX6GOR3NLKMWu88uOEnSmniB0MayD7Js4s8AeT96Z; Max-Age=31536000; Domain=; Path=/

I would like to know why the request is bad. Thanx folks!

Paul Johnston Dec 06, 2018 11:37AM UTC Support Center agent

It looks like the host header is invalid. It should not contain https://

Did you generate the curl command using Burp? There’s an option on the context menu to “copy as curl command”
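
The point made in the answer, as an added example (not code from the original thread and not Burp's own "copy as curl command" logic): a small Python helper that takes a raw request as captured by the proxy, rejects a Host value that is not plain host[:port], and builds the curl arguments with the scheme placed in the URL instead. The function names, the `https` default and the `www.example.test` hostname are assumptions made for illustration.

```python
import re
import shlex

# host[:port] only: a reg-name, IPv4 literal or bracketed IPv6, no scheme or path
HOST_RE = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(:\d{1,5})?$")


def host_header_problem(value):
    """Return a reason string if value is not a valid Host header, else None."""
    if "://" in value:
        return "contains a URL scheme; Host carries only host[:port]"
    if not HOST_RE.match(value):
        return "not of the form host[:port]"
    return None


def request_to_curl(raw, scheme="https"):
    """Build a curl argv list from a raw HTTP/1.1 request head."""
    lines = raw.strip().splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    hosts = [v for n, v in headers if n.lower() == "host"]
    if len(hosts) != 1:
        raise ValueError("expected exactly one Host header")
    problem = host_header_problem(hosts[0])
    if problem:
        raise ValueError(f"bad Host header {hosts[0]!r}: {problem}")
    argv = ["curl", "-i", "-s", "-X", method]
    for name, value in headers:
        if name.lower() != "host":  # curl sets Host from the URL
            argv += ["-H", f"{name}: {value}"]
    argv.append(f"{scheme}://{hosts[0]}{target}")
    return argv


# Constructed sample in the shape of the captured request; hostname is a placeholder
SAMPLE = """GET / HTTP/1.1
Host: www.example.test
Accept-Language: en-US,en;q=0.5
DNT: 1
Connection: close
"""

if __name__ == "__main__":
    print(shlex.join(request_to_curl(SAMPLE)))
```

The scheme only ever appears in the URL argument; curl derives the Host header from that URL, so the header does not need to be passed with -H at all.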
