Bypass web page redirects

  • Some sites let you ignore a redirect by modifying the response header (HTTP redirect vulnerability)

    • E.g. changing it from 301 Found to 200 OK

  • You don't have to do this manually every time; you can have Burp do it automatically

  • Go to Proxy -> Options -> Match and Replace

  • Add

  • Item: Response Header

  • Match: 30[12] Found

  • Replace: 200 OK

  • Check the match regex box

  • You now see your new entry in Match and Replace

  • Ensure that your rule is checked so that it's active

  • Burp will now make the modifications for you on the fly; you can turn intercept off
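
Rewriting the status line only reveals anything when the server sends the protected page in the body of the 301/302 response. A regression check for that condition, as an added example that is not part of the original notes; the sample responses, the function names and the 120-character stub threshold are constructed assumptions:

```python
import re

# Same status codes the Burp rule above rewrites (301/302).
REDIRECT_LINE = re.compile(r"^HTTP/\d(?:\.\d)?\s+30[12]\b")

def split_response(raw):
    """Split a raw HTTP response into (status line, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def visible_text(body):
    """Drop scripts, styles and tags so a short 'moved here' link is not counted as content."""
    text = re.sub(r"<(script|style)\b.*?</\1>", " ", body, flags=re.S | re.I)
    text = re.sub(r"<[^>]+>", " ", text)
    return " ".join(text.split())

def leaks_body_on_redirect(raw, max_stub_chars=120):
    """True if a 301/302 response carries more text than a redirect stub would.

    max_stub_chars is an assumed threshold; tune it to your framework's stub page.
    """
    status, _headers, body = split_response(raw)
    if not REDIRECT_LINE.match(status):
        return False
    return len(visible_text(body)) > max_stub_chars

# Constructed sample responses (not captured from any real site).
ROWS = "".join(f"<tr><td>user{i}</td><td>user{i}@example.test</td></tr>" for i in range(10))
SAMPLES = {
    "empty redirect": "HTTP/1.1 302 Found\r\nLocation: /login\r\nContent-Length: 0\r\n\r\n",
    "stub redirect": 'HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n<a href="/login">Found</a>.',
    "leaky redirect": "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n"
                      "<html><body><h1>Admin panel</h1><table>" + ROWS + "</table></body></html>",
    "normal page": "HTTP/1.1 200 OK\r\n\r\n<html><body>" + "public text " * 20 + "</body></html>",
}

def flagged(samples=SAMPLES):
    """Names of the responses that redirect but still ship page content."""
    return [name for name, raw in samples.items() if leaks_body_on_redirect(raw)]

if __name__ == "__main__":
    for name in flagged():
        print("redirect response still carries page content:", name)
```

The fix for a flagged endpoint is on the server: stop processing the request once the redirect is issued, so the response body is empty or a bare stub.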
