Content-Length header is always updated

[tiyeuse]

I noticed PwnFox extension always update the  Content-Length header in BurpSuite Pro v2020.9.2 (not tested on other versions).

Steps to reproduce:

1. Install the last version of PwnFox extension in Burp (v1.0.2)
2. Send any request in Burp repeater tab, change the method to POST, add arbitrary request body and set Content-Length header value to high value, for example 9999999:

   
   POST / HTTP/1.1
   Host: www.google.com
   Content-Type: application/x-www-form-urlencoded
   Content-Length: 9999999

12345

3. Disable `Update Content-Length` option in the Repeater top menu.
4. Send the request, in my case www.google.com replies with a `405 Method Not Allowed`

Expected result:
www.google.com should reply with `413 Request Entity Too Large` because the Content-Length value is too high (it should timeout for lower values). You can verify this behavior by enabling or disabling the PwnFox extension between requests.
Also you can see in the `Logger++` extension that the `Content-Length` header value has been updated when the extension is enable.

Is this "auto-update" feature intended / necessary ? This also works works out of repeater (like intruder for example). An automatic update could prevent exploitation of vulnerabilities such as request smuggling.

[B-i-t-K]

That's weird, because pwnfox burp, only remove the pwnfox header and colorize the request. I need to check burp api, this is completely unintended

[tiyeuse]

Any news regarding this issue ?