0

Using the requests library, I am trying to make request to a url. I've set the target to the specific url and checked, "And URL Is in Target Scope" in both Request interception rules and Response Interception rules. Here's a snippet.

import requests
url = "https://some_url.net/"
proxies = {"http":"http://127.0.0.1:8080" , "https":"http://127.0.0.1/"}
r = requests.get(url, proxies = proxies, verify=False)

The request is showing in the proxy's intercept, but when I forward the request, I do not get to see the response in burp. However I do get it in the python console, returning cookies and other headers. Here's the request I sent which shows up in burp

GET / HTTP/1.1
Host: xyz.net
User-Agent: python-requests/2.28.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close

For this request I don't receive any response on burp when I forward it. i know it is saying connection closed, However here's what I get in the python's console on requesting headers using r.headers

{'Set-Cookie': 'TrackingId=5lkTrr8GwfrXvxGS; Secure; HttpOnly, session=gQHLcPtXqmYAQ2JhQNitbTrDdjYNeu5j; Secure; HttpOnly; SameSite=None', 'Content-Type': 'text/html; charset=utf-8', 'X-Frame-Options': 'SAMEORIGIN', 'Content-Length': '10933'}

and also response is received when I request content using r.content

Here are the headers when I make the same request manually:

GET / HTTP/2
Host: xyz.net
Cookie: TrackingId=0nfDJnMqVqEF8jjp; session=J96kEOZ4EeUJrmNoNKRhpxP5vorwgUVM
User-Agent: Mozilla/n.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://portswigger.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Te: trailers

What changes do I need to make changes in my burp or my request to get a response to show up on burp as well, which looks like down below ( when done manually )

GET /xyzLabHeader HTTP/2
Host: xyz.net
User-Agent: Mozilla/n.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-Websocket-Version: 13
Origin: xyz.net
Sec-Websocket-Key: jKacksiH9k/Xu/9yXm2Jzw==
Connection: keep-alive, Upgrade
Cookie: TrackingId=0nfDJnMqVqEF8jjp; session=J96kEOZ4EeUJrmNoNKRhpxP5vorwgUVM
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Improve this question
1
  • Only one question per post please. And your second question is a pure python programming question that has nothing to do with security. Commented Apr 10, 2023 at 13:46

1 Answer 1

Reset to default
1

Based on the information you've provided, it seems that the issue is not with your code, but rather with the way Burp is configured. It appears that Burp is not intercepting the response from the server, even though it is correctly intercepting the request.

One possible reason for this could be that Burp is not configured to intercept responses for the specific URL you are requesting. You mentioned that you have set the "And URL Is in Target Scope" option in both request and response interception rules, but it's possible that this is not enough. You may need to explicitly add the URL to the scope of Burp's intercepting proxy.

To do this, go to the "Scope" tab in Burp's "Proxy" section and add the URL (e.g., "https://some_url.net/") to the "Include" section. This should tell Burp to intercept and show the response for that specific URL.

Improve this answer
3
  • Thanks...But I did already specified my target scope in proxy. But as I said above, burp is showing me the response for the same when the steps are done manually, (means when I reload the url) Commented Apr 9, 2023 at 13:09
  • 1
    Hey thanks, I found the problem. Burp was missing one config. BTW in the urllib3 'response' variable, shouldn't you make 2 separate variables for the HTTP and HTTPS proxies ? Commented Apr 9, 2023 at 14:46
  • @KaranBakshi don't accept this answer if it didn't answer your question. This is a very generic answer (that looks AI-generated) that suggests you did what you have already done. The better approach is to post an answer with the missing Burp config. Commented Apr 10, 2023 at 13:48

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.