Doubt with header. Burp & Tamper

Hello everyone!

Well, this is a realy small problem (I know) but I’m very frustate with this.

Burp suite make the request good:

GET /web/step.php?step=2pw&ac=add&fln=%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2F…%2Fproc%2Fversion&bkurl=step.php%3Fstep%3D2 HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: es-MX,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=6v4hg3bet1r6kl7e2c83kjjub0
Upgrade-Insecure-Requests: 0

So, in Burp I see the render and website show some form to manipulate more info.
All right untiil here. BUT:

When I try to recreate the header with - Http header live- I can´t stop the redirection to original site ( a login.php) and I can´t obtain the answer same like Burp.

So, my question is: How can I stop the redirection like Burp to avoid the last request to login.php again and just stop over <step.php> ??

I think about 302 code headers, but is server side, so how Burp stop the redirection? I know is very dummy question, but is better ask in that cases and learn.

Thanks in advance!

Hi there,

Burp is not ignoring redirection. Does your request is performed through the repeater?
If yes, you would see a follow redirection button next to the « next (>) » button :slight_smile:

Hope it helps,

1 Like

How you build http header request? If you use curl, you can ignore http redirection as far as I know.


Thank you very much for the answer! Well, I know about the button, but I mean, I want to replicate this over browser, so when I use Burp, I can see the “render” with a form with in the response windows in Buro, but for what reason en I try to make this in browser (using live http headers) always come back to “login.php” , I think the redirection in the site works fine, but for me it’s a madness…!! :smile: I pretty sure the problem is redirection, but how can stop… this is the problem - im lost- !! :smiley:

Thanks! I try with that, I’m tell you if that works :slight_smile:

What browser are you using? If firefox, you can use this for Firefox 57+:

about:config and then search for: accessibility.blockautorefresh.

Note: If you’re looking to enable redirect warning, you’ve to visit about:config and change the above preference value to true f rom (default) false.

  • image from techdows

Hey guys! @Nitrax @petruknisme

Well, reading your advices I try to make this but nothing work to me! BUT, I download the old 5.6 Firefox Version and use -noredirection- addon, so that works like a charm! Finally, the form with the buttons appear in browser. Thank you very much for your support! Awesome!!! :slight_smile:

This topic was automatically closed after 30 days. New replies are no longer allowed.