Published: November 2, 2025

I keep getting this (403) on a target when using a proxy. If I turn off the proxy it works, but I want to see traffic in Burp and I keep getting 403. Any solution? #bugbounty

Image in tweet by DestroyerX

I use Caido and it works

@ide9x Turn off HTTP/2 in proxy settings. If that doesn't work, turn off HTTP/2 in Burp's settings too. If the bot detection extension works, you may need to change ciphers. "Usage Note: This extension changes network settings at "Settings -> Network -> TLS" and selects "Use custom protocols..."

@thesololevel1ng Thanks, I will check!

@ide9x That's coz the WAF blocked it. When you get 200 in Burp, that doesn't mean it worked; you also have to check for other things like the length and the search result (e.g. no results found). Getting 200 in Burp doesn't mean the exploitation worked, it might be filtered already, giving 200

@OyinlolaAk62255 Lol, you don't understand. I didn't say the WAF blocks my XSS payload, I'm talking about normal browsing

@ide9x Use the Burp plugin bot detection

@0xbeven Thanks, this also works (sometimes)

@ide9x Enable the rule in Burp that emulates Android or Edge. It's most probably Cloudflare blocking the Burp user agent.

@zertux6 yes thanks!

@ide9x Yes, it's actually easier than I expected, go to @zaproxy's site and grab it and you're all set.

@ide9x 403 usually means your proxy’s changing something it shouldn’t. Add host to SSL Pass Through. Preserve Host header. Compare direct vs proxied requests. Watch cookies & TLS fingerprint. If all else fails, Invisible Proxy mode. Burp’s not broken, your traffic is.

@ide9x Burp SSL fingerprint is starting to get banned in multiple WAFs, try Caido

@ide9x Use developer tools

@ide9x This is common. Some security platforms fingerprint Burp and block it. Other options like Caido can help.

@ide9x You can use the match and replace option to change the user agent in Burp Suite. Some WAFs block requests from the Burp Suite proxy, so it may work.

@ide9x Just change the user agent. It's enough

@ide9x diff ip
