0

I am trying to test my webapplication for vulnerabilities using burp suite professional, Burp suite is acting as my proxy server so when a client requests

  • I am able to get response from server for every request.

  • To implement pushes I have also made a connection from client and haven't closed it (not sent 200 OK from server, it's a long lib connection) .

  • We write on output stream from server for same connection to get the responses(pushes) at onInteractive method on client side.

below is the reference code example:

new Ajax.Request(
    connUrl,
    {
        method : 'post',
        postBody : postdata,
        headers : {
            sessionId' : abc.sessionId,
                    },
        timeout : 5000,
        onInteractive : function(transport) { ...
                           ...  }

When not using any proxy(burp), I am able to get pushes, but when using burp as a proxy I am not able to get the pushes.

Please suggest any solution.

JATIN ALWANI
  • 1
  • 2
  • may be because SSL, install ssl certificate from burp to browser, to download certificate open burp suite and navigate to "http://burp" in browser and download certificate. – Jay seen Nov 27 '19 at 10:44
  • Do one thing try intercept request in burp, if you are able to intercept request than this is not SSL problem, in this case try to send this intercepted request to repeter, and send request again in repeater, check if you getting pushes. – Jay seen Nov 29 '19 at 13:03
  • hey @JaikeySarraf , i have already imported the burp CA certificate from their website and also tried importing the certificate that is generated from Burp in _`proxy - > options -> proxy listener -> regenerate CA certificate`_ . my burp is working fine, intercepting all the request and responses. But the problem is that my connections closes everytime, and i want a keep alive connection. Please suggest some way to maintain a keep-alive connection. I have also tried to uncheck **set Connection close ** in Miscellaneous option in proxy, but that didn't work as well. – JATIN ALWANI Nov 29 '19 at 13:17
  • this issue fixed in 1.7.27, https://support.portswigger.net/customer/portal/questions/17099146-incompatibility-with-akamaighost – Jay seen Nov 29 '19 at 13:30
  • I am using the latest version of burp professional version i.e 2.1.05 and still facing this issue, i've also tried to test my webapp on burp version 1.7.27 but it's giving the same problem there as well. – JATIN ALWANI Dec 03 '19 at 05:30

0 Answers0