I noticed the PwnFox extension always updates the Content-Length header in BurpSuite Pro v2020.9.2 (not tested on other versions).
Steps to reproduce:
1. Install the latest version of the PwnFox extension in Burp (v1.0.2).
2. Send any request in the Burp Repeater tab, change the method to POST, add an arbitrary request body and set the Content-Length header value to a high value, for example 9999999:

```
POST / HTTP/1.1
Host: www.google.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 9999999

12345
```

3. Disable `Update Content-Length` option in the Repeater top menu.
4. Send the request; in my case www.google.com replies with a `405 Method Not Allowed`.
Expected result:
www.google.com should reply with `413 Request Entity Too Large` because the Content-Length value is too high (it should time out for lower values). You can verify this behavior by enabling or disabling the PwnFox extension between requests.
Also, you can see in the `Logger++` extension that the `Content-Length` header value has been updated when the extension is enabled.
Is this "auto-update" feature intended / necessary? This also works outside of Repeater (like Intruder, for example). An automatic update could prevent exploitation of vulnerabilities such as request smuggling.
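
A local check for the behaviour reported above, added here as an example and not part of the original issue or of PwnFox: a loopback listener that records the request exactly as it arrives, so the Content-Length on the wire can be compared with the value typed in Repeater. The port 8008 and all function names are assumptions for illustration.

```python
import socket

def parse_request(raw: bytes):
    """Return (declared Content-Length or None, body bytes actually present)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    declared = None
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            declared = int(value.strip())
    return declared, len(body)

def verdict(raw: bytes, intended: int) -> str:
    """Compare the on-the-wire header with the value set in Repeater."""
    declared, actual = parse_request(raw)
    if declared == intended:
        return "preserved"
    if declared == actual:
        return "rewritten to body length"
    return "changed"

def capture_once(listener: socket.socket, idle: float = 2.0) -> bytes:
    """Accept one connection and return the request bytes as received."""
    conn, _ = listener.accept()
    conn.settimeout(idle)
    data = b""
    try:
        while True:
            chunk = conn.recv(65536)
            if not chunk:
                break
            data += chunk
            if b"\r\n\r\n" in data:                # headers complete
                declared, actual = parse_request(data)
                if actual >= (declared or 0):
                    break                          # full request received
    except socket.timeout:
        pass                                       # client declared more than it sent
    try:
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
    finally:
        conn.close()
    return data

if __name__ == "__main__":
    with socket.create_server(("127.0.0.1", 8008)) as srv:   # assumed port
        raw = capture_once(srv)
    print(parse_request(raw), verdict(raw, intended=9999999))
```

Run it, send the request from step 2 to `http://127.0.0.1:8008` with the extension enabled and again with it disabled, and compare the two verdicts.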