3

I know these things can easily be done on wireshark, tshark, etc but is it possible to know that the request I forwarded and the response I received is using protocols such as TLS, TLSv1.2, TCP, HTTP, etc in Burp Suite? So I won't have to switch to other network applications to see the protocols

Sample Request 

POST /api/v2/app/login?optionalKeys=Yes HTTP/1.1

Accept: application/json; charset=utf-8
app-version: 2.3.12
version-code: 321
Tid: 21bb65df-0682-4085-8775-68e70f5653db
sid: dn6e4e7c-d956-4b3e-956b-9c6b9634ef39
os-version: 5.1
deviceId: a62fb2d91cb17587
swuid: a62fb2d91cb17587
User-Agent: Android
Connection: close
Accept-Encoding: gzip, deflate
latitude: 12.904043
longitude: 77.642919
X-NETWORK-QUALITY: GOOD
Content-Type: application/json; charset=UTF-8
Content-Length: 48
Host: xyz.abc.com
X-NewRelic-ID: UwUAVV5VGwIEXVJRAwcO

{"mobile":"1234567890","password":"Yt!*3773@8ATQwEr"}

I don't see any protocol mentioned

SeeYouInDisneyland
  • 1,428
  • 9
  • 20
Akshansh Shrivastava
  • 439
  • 1
  • 4
  • 10

1 Answers1

5

This depends on the tool you are using within Burp:

  • Site map - HTTP and HTTPS URLs are shown separately in the tree
  • Proxy - There is an SSL tick box in the table
  • Repeater - The target URL will show HTTP or HTTPS
  • Logger++ There is an SSL tick box similar to Proxy

Burp does not show the SSL cipher suite used. You can use the SSL Scanner extension in the BApp Store to scan for SSL vulnerabilities.

PortSwigger
  • 487
  • 2
  • 7