I'm inspecting web page and using Burp suite to intercept HTTP requests made by JS. For certain URL I receive 403 status and Claudflare's page with message "Please turn JavaScript on and reload the page". JS is turned on in my browser (Firefox) and that URL works fine with disabled proxy.
How Cloudflare detects Burp and how to bypass it?
In my case I was able to fool Cloudflare simply by overriding the default User-Agent header that Burspsuite uses. Go to Proxy > Options > Match and Replace then add and enable a Request header rule that overrides the User-Agent header:
| Match | Replace |
|---|---|
^User-Agent.*$ |
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 |
