Doubt with header. Burp & Tamper

blackice099 · July 25, 2019, 5:10pm

Hello everyone!

Well, this is a realy small problem (I know) but I’m very frustate with this.

Burp suite make the request good:

GET /web/step.php?step=2pw&ac=add&fln=%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2Fproc%2Fversion&bkurl=step.php%3Fstep%3D2 HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: es-MX,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=6v4hg3bet1r6kl7e2c83kjjub0
Upgrade-Insecure-Requests: 0

So, in Burp I see the render and website show some form to manipulate more info.
All right untiil here. BUT:

When I try to recreate the header with - Http header live- I can´t stop the redirection to original site ( a login.php) and I can´t obtain the answer same like Burp.

So, my question is: How can I stop the redirection like Burp to avoid the last request to login.php again and just stop over <step.php> ??

I think about 302 code headers, but is server side, so how Burp stop the redirection? I know is very dummy question, but is better ask in that cases and learn.

Thanks in advance!

Nitrax · July 26, 2019, 7:09am

Hi there,

Burp is not ignoring redirection. Does your request is performed through the repeater?
If yes, you would see a follow redirection button next to the « next (>) » button

Hope it helps,
Best,
Nitrax

petruknisme · July 26, 2019, 2:16pm

How you build http header request? If you use curl, you can ignore http redirection as far as I know.

blackice099 · July 26, 2019, 7:34pm

Hi!

Thank you very much for the answer! Well, I know about the button, but I mean, I want to replicate this over browser, so when I use Burp, I can see the “render” with a form with in the response windows in Buro, but for what reason en I try to make this in browser (using live http headers) always come back to “login.php” , I think the redirection in the site works fine, but for me it’s a madness…!! I pretty sure the problem is redirection, but how can stop… this is the problem - im lost- !!

blackice099 · July 27, 2019, 12:30am

Thanks! I try with that, I’m tell you if that works

petruknisme · July 27, 2019, 1:10am

What browser are you using? If firefox, you can use this for Firefox 57+:

about:config and then search for: accessibility.blockautorefresh.

Note: If you’re looking to enable redirect warning, you’ve to visit about:config and change the above preference value to true f rom (default) false.

image from techdows

blackice099 · July 27, 2019, 11:34pm

Hey guys! @Nitrax @petruknisme

Well, reading your advices I try to make this but nothing work to me! BUT, I download the old 5.6 Firefox Version and use -noredirection- addon, so that works like a charm! Finally, the form with the buttons appear in browser. Thank you very much for your support! Awesome!!!

system · August 24, 2019, 5:11pm

This topic was automatically closed after 30 days. New replies are no longer allowed.