Why I have 403 error ONLY when I am using BurpSuite? - web-testing

During pentesting SOME site I have run into file upload errors. It is a 403 Forbidden error, but the most interesting thing is that it happens ONLY when I use the Burp proxy.
When I am uploading a passport/ID document the usual way (without Burp Suite) - No error. 200 OK.
When I am uploading with Burp Suite - 403 Error.
P.S.: Other site functionality/APIs work properly when I use Burp Suite
I have no idea why this 403 error occurs. Is this a bug or a kind of "protection"?

Then you don't have the authorization to set up a proxy in your OS.
I guess you are using your corporate laptop. Try to change your network settings in your browser. If they are greyed out then your organization has blocked that for you (Bgroup rules).
I faced the same issue exactly and this was the problem.
Hope that helps.

Related

Request forbidden by administrative rules

I was trying to run a JUnit test, which calls an API (https:conectapitest.company.com/consumerservice/createConsumer). When I was running it using Eclipse Neon (Java 8), I was getting the following error.
Unexpected response from Connect server: responseCode=403, responseMessage=Forbidden responseBody=<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
The API is working when I run it in Postman. I am using Mac OS. Is this issue related to Eclipse or macOS?
I verified all Eclipse configs, did not change any settings, and it worked a few weeks back.
While running the test case, I noticed a message like
SystemProperty java.net.useSystemProxies = null defaulting to FALSE
How to fix this issue?

Email/Password Authentication Mongodb-stitch Android API

This seems to be on a very new topic because the "stitch" or "mongodb-stitch" tags do not exist yet.
I have a MongoDB Atlas cluster on cloud.mongodb.com. The page https://docs.mongodb.com/stitch/auth/email-auth/ only teaches how to do things with JS but I don't have server-side JS on hand. Instead I tried to figure out how to do things with the StitchClient on the Android API.
I was able to register an email/password pair using StitchClient.register(email,pwd) and got an email from no-reply+stitch#mongodb.com with the token/tokenId. I copied them and used StitchClient.emailConfirm(token, tokenId) but failed. The error was:
Unexpected response code 404 for https://stitch.mongodb.com/api/client/v1.0/app/APP-ID/auth/local/userpass/confirm
which sounds strange! I opened a browser and pasted that in the URL and got 404 too. I even did
curl --data "token=432...345&tokenId=435..334" https://stitch.mongodb.com/api/client/v1.0/app/APP-ID/auth/local/userpass/confirm
and still got 404.
Is this a bug or an outage of the stitch.mongodb.com server?

Mulesoft - Uh-oh spaghettios! There's nothing here

This error is driving me nuts...
Situation:
I am trying to create a REST API and use an api-gateway proxy to access it. The proxy URL is HTTPS.
The deployment goes through fine. No errors reported in the logs. Worker assigned.
However, when I try to access it through the browser I get the "Uh-oh spaghettios! There's nothing here.".
I have tried all the usual things like making the https port dynamic using ${https.port} and using 0.0.0.0 instead of localhost in the http-listener config. But that does not help. Has this got something to do with the proxy version?
Any help or pointers will be great!
Make sure you follow Steps 2 from below link
Getting Started with Connectors
All,
Got the resolution. The problem was with the certificate chain. The keystore did not contain intermediate certificates. When added to the keystore the connectivity worked fine.
If only Mulesoft provided correct errors or detailed logging, I would have saved a lot of time over this.
Thanks for your inputs.

Getting ERROR bad Request-Line

I have a Canvas Facebook App which has a developer version (for test & dev purposes) accessed through localhost and a staging version deployed to Heroku. Whenever I try to access the developer version through localhost, I get the following error:
[2013-02-24 17:43:40] ERROR bad Request-Line `\x16\x03\x01\x00│\x01\x00\x00»\x03
\x02Q*ѼX\x0EÑ÷╫┤EΩa▀f⌠├÷RNu#N╕╨6$╙iRZ╛\x00\x00H└'.
[2013-02-24 17:43:40] ERROR bad Request-Line `\x16\x03\x01\x00│\x01\x00\x00»\x03
\x02Q*Ѽπ'k1w3Ää¿\x10ëσÅú├\x18$Æë{«ÄNù▐\x03$D\x00\x00H└'.
[2013-02-24 17:43:40] ERROR bad URI `!]è"!┼I\x00\x00H└'.
[2013-02-24 17:43:40] ERROR bad Request-Line `\x16\x03\x00\x00U\x01\x00\x00Q\x03
\x00Q*Ѽ╦▐σ\x12╥N\x7Fi+∩£\x1Dcúë[1/°╡½ñV é₧·Y\x00\x00*\x00 \x00ê\x00ç\x009\x008\
x00ä\x005\x00E\x00D\x00f\x003\x002\x00û\x00A\x00\x05\x00\x04\x00/\x00\x16\x00\x1
3■ \x00'.
I have no problem accessing the staging version in Heroku. To make things more interesting, my co-developer does not have this problem when he tries to access the app through localhost. We are using the same environment (Windows OS and WEBrick server). I am suspecting the problem is with my account, but I have no idea how to verify/fix it.
Try accessing after clearing the cache.
I was getting the same error while accessing an API using https with config.force_ssl = true, but it's working fine with an http request.
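
The `\x16\x03\x01` and `\x16\x03\x00` prefixes in the log above are the start of a TLS/SSL handshake record: the client is speaking HTTPS to a listener that expects a plain-text HTTP request line. The following is an added example, not part of the original posts, that decodes such a prefix; the function name is an assumption and the sample bytes are constructed to resemble the header bytes visible in the log.

```python
import struct

# TLS record content types and protocol versions (RFC 5246, section 6.2.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ",
                b"DELETE ", b"OPTIONS ", b"PATCH ")


def version_name(major: int, minor: int) -> str:
    return VERSIONS.get((major, minor), f"{major}.{minor}")


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a listener received on a new connection."""
    if data.startswith(HTTP_METHODS):
        return {"kind": "http"}
    if len(data) < 5:
        return {"kind": "unknown"}
    # Record header: content type (1), version (2), length (2), big-endian.
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3:
        return {"kind": "unknown"}
    result = {"kind": "tls",
              "content_type": CONTENT_TYPES[ctype],
              "record_version": version_name(major, minor),
              "record_length": length}
    # Handshake header: type (1), length (3), then the client's version (2).
    if ctype == 22 and len(data) >= 11 and data[5] == 1:
        result["handshake"] = "client_hello"
        result["handshake_length"] = int.from_bytes(data[6:9], "big")
        result["client_version"] = version_name(data[9], data[10])
    return result


if __name__ == "__main__":
    # Constructed samples: two handshake prefixes and one normal request line.
    samples = [bytes.fromhex("16030100b3010000af0302"),
               bytes.fromhex("1603000055010000510300"),
               b"GET /canvas HTTP/1.1\r\n"]
    for raw in samples:
        print(raw[:11], "->", classify_first_bytes(raw))
```

A "tls" result on a port served by a plain HTTP server means the client URL, a redirect or a force-SSL setting is sending HTTPS to a listener that has no TLS configured.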

500 Internal Server Error on a Facebook page

I've created a Facebook page (with WordPress) but I can't get it to work in Facebook.
The original page is working fine at: (just add the https to see the SSL version)
http://copywriting.com/fb/fanpage/pueblito-reserve/
However, when I load it into Facebook, the SSL version works fine, but the regular http version gives back a 500 Internal Server Error.
Regular FB tab (with the 500 error): (add the https and it works fine)
http://www.facebook.com/PueblitoEscondido/app_382773098443040
How can this be solved?
By looking into your server’s logfiles to see what caused this error …