Burp Suite User Forum


Content Type incorrectly stated

Alan | Last updated: May 09, 2019 09:18PM UTC

The response states that the content type is application/font-woff2. However, it actually appears to contain unrecognized content. If the URL path can be manipulated to end with ".html", the following browsers may interpret the response as HTML:

- Internet Explorer 11
- Internet Explorer 11 (Compatibility Mode)

We have checked the web.config settings and they are set to the recommended state. How can we get rid of this error?

Rose, PortSwigger Agent | Last updated: May 13, 2019 12:45PM UTC

Thanks for this report. We agree with your assessment, and have captured a ticket in our backlog to improve Burp's recognition of common font formats.

T | Last updated: May 05, 2021 05:47PM UTC

Has this issue been resolved? I'm unable to replicate this finding, which was found by an auditor; I'm wondering if it has been fixed in the version I'm using (2021.4.3). I don't know what version the auditor is using.

Ben, PortSwigger Agent | Last updated: May 06, 2021 08:49AM UTC

Hi, The ticket that was originally raised to address this particular issue is still, I am afraid, in our development backlog and has not yet been implemented.

James | Last updated: Apr 18, 2022 07:04PM UTC

I think it would make sense to not add the issue at all if Burp's heuristics fail to recognize the content type. If the content type is stated and Burp can't recognize it, in most cases the content type is correctly stated. If it is not, the auditor issue isn't providing any insight anyway, and content type confusion analysis beyond what Burp can recognize would probably be driven by reviewing/filtering Proxy history, not looking at the issues panels.

Ben, PortSwigger Agent | Last updated: Apr 19, 2022 10:01AM UTC

Hi James, This is something that we have previously highlighted in relation to the overarching feature request that we have raised for this, in that, if Burp is not able to correctly identify certain file types it should not then be raising an issue with a confidence of 'firm' and a severity of 'low' (this is likely going to be a false positive for these types of files). I will add details of your requested approach to the overarching feature request that we do have recorded so that we can continue to accurately record what our users would like.

Ben, PortSwigger Agent | Last updated: Jul 28, 2023 08:13AM UTC

Hi all, We just wanted to let you know that the recent 2023.7 release should now resolve this issue. Burp Scanner should no longer erroneously report a 'Content Type Incorrectly Stated' issue when scanning font files, or content types that Burp does not recognize.
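
One way to triage a finding like this by hand, as an added example that is not part of the thread and not Burp's own logic: compare the stated Content-Type with the font signature in the first four bytes of the body, and record whether `X-Content-Type-Options: nosniff` is set. The function name, the MIME table and the sample responses are assumptions constructed for illustration.

```python
# Added example: manual triage of a "Content type incorrectly stated" finding
# on a font response. Not Burp Suite code; sample data below is constructed.

# First four bytes of common web font containers.
FONT_MAGIC = {
    b"wOF2": "woff2",
    b"wOFF": "woff",
    b"OTTO": "otf",
    b"\x00\x01\x00\x00": "ttf",
}

# Stated MIME types (registered and common legacy forms) mapped to a format.
MIME_TO_FORMAT = {
    "font/woff2": "woff2", "application/font-woff2": "woff2",
    "font/woff": "woff", "application/font-woff": "woff",
    "application/x-font-woff": "woff",
    "font/otf": "otf", "font/ttf": "ttf",
}

def triage(headers, body):
    """Return the stated type, detected font format, nosniff flag and verdict."""
    h = {k.lower(): v for k, v in headers.items()}
    stated = h.get("content-type", "").split(";")[0].strip().lower()
    expected = MIME_TO_FORMAT.get(stated)
    detected = FONT_MAGIC.get(body[:4])
    nosniff = h.get("x-content-type-options", "").strip().lower() == "nosniff"
    if expected is None:
        verdict = "not-a-font-type"      # outside the scope of this check
    elif detected == expected:
        verdict = "stated-correctly"     # finding is a likely false positive
    else:
        verdict = "mismatch"             # body is not the font type claimed
    return {"stated": stated, "detected": detected,
            "nosniff": nosniff, "verdict": verdict}

if __name__ == "__main__":
    # Constructed samples: a WOFF2-signed body and an HTML body, both
    # served with the Content-Type from the original report.
    font = triage({"Content-Type": "application/font-woff2",
                   "X-Content-Type-Options": "nosniff"}, b"wOF2" + bytes(44))
    html = triage({"Content-Type": "application/font-woff2"},
                  b"<html><body>not a font</body></html>")
    print(font)
    print(html)
```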
