sAjibuu/Upload_Bypass

File upload always uses HTTP

jIgnoul opened this issue · 2 comments

I was performing some testing but got some unexpected behaviour, my file upload was always being performed over HTTP. After a bit going through the code, I noticed that this is because of line 427 in burp_file.py in lib.

Maybe HTTP vs HTTPS is something we can configure using a flag like the options.insecure flag?

For now I made a nasty fix by just changing http to https as shown in the image.

382645005_334086395778375_3937100407585152227_n

You are correct! I hardcoded by mistake the HTTP protocol when a user is saving the Burp output file with (Copy to file) because it is saving it as plaintext instead of XML. It is impossible to determine the protocol by the request generated from Burp Suite.
Thank you for reporting the issue!

I fixed it by implementing an SSL exception on each request sent. I don't want to take another unnecessary input from the user.

2023-10-01_09h43_19

The new version is available in the Releases page.

Cool! Thanks for the fix and the tool!