The figure below shows the exact error message returned by Burp Suite.<\/p>\n\n\n\n Note: The actual domain name has been redacted due to NDA restrictions. However, a similar example domain will be used throughout this post to clearly explain the issue and solution.<\/p>\n<\/blockquote>\n\n\n\n When accessing the application through a browser configured to use Burp Suite as a proxy, the page failed to load. Instead, the browser displayed an error indicating that the connection could not be established.<\/p>\n\n\n\n The figure below shows the error displayed in the web browser when traffic was proxied through Burp Suite.<\/p>\n\n\n\n Interestingly, when the same application was accessed without Burp Suite (direct connection), it loaded perfectly fine. This confirmed that the issue was not with the application itself, but specifically with how Burp Suite was handling the hostname.<\/p>\n\n\n\n After some investigation, I discovered that the problem was caused by the use of underscores in the domain name.<\/p>\n\n\n\n According to DNS standards, underscores are not valid characters in hostnames. While many browsers and applications still tolerate them, Burp Suite enforces stricter validation and rejects such domain names.<\/p>\n\n\n\n For example, consider the following domain:<\/p>\n\n\n\n This domain contains underscores, which Burp Suite treats as invalid, resulting in the \u201cIllegal server name\u201d error.<\/p>\n\n\n\n To continue testing the application through Burp Suite, a workaround was required that would allow Burp to process the domain correctly without modifying the target infrastructure.<\/p>\n\n\n\n The solution involves two main steps:<\/p>\n\n\n\n Let\u2019s go through the steps in detail.<\/p>\n\n\n\n First, we need to determine the IP address associated with the original domain name. This can be done using the nslookup command:<\/p>\n\n\n\n The figure below shows a successful nslookup result, returning the target IP address:<\/p>\n\n\n\n Make note of the IP address, as it will be required in the next step.<\/p>\n\n\n\n Since Burp Suite does not accept underscores in hostnames, we need to provide Burp with a modified version of the hostname that replaces underscores with dots.<\/p>\n\n\n\n Original domain:<\/p>\n\n\n\n Modified domain:<\/p>\n\n\n\n To implement this in Burp Suite:<\/p>\n\n\n\n The figure below shows the DNS override configuration in Burp Suite:<\/p>\n\n\n\n At this stage, Burp Suite will resolve the modified hostname correctly.<\/p>\n\n\n\n Although DNS resolution now works, the browser will still send HTTP requests using the modified dot-based hostname. However, the backend application expects the original underscore-based hostname in the HTTP Host header.<\/p>\n\n\n\n To resolve this, we configure Burp Suite to automatically rewrite the hostname before forwarding requests to the server. Navigate to:<\/p>\n\n\n\n Create the following rule:<\/p>\n\n\n\n This ensures that:<\/p>\n\n\n\n The figure below shows the Match and Replace configuration:<\/p>\n\n\n\n After configuring both DNS overrides and Match and Replace rules, I launched the application again using Burp Suite\u2019s built-in Chromium browser.<\/p>\n\n\n\n Instead of accessing:<\/p>\n\n\n\n I accessed:<\/p>\n\n\n\n Thanks to the configured rules, Burp Suite seamlessly:<\/p>\n\n\n\n The figure below shows Burp Suite successfully intercepting traffic without any errors:<\/p>\n\n\n\n This issue is relatively rare but can occur when testing legacy applications or environments where underscores are used in domain names.<\/p>\n\n\n\n While browsers may tolerate such domains, Burp Suite adheres strictly to hostname standards and rejects them.<\/p>\n\n\n\n By leveraging Burp Suite\u2019s:<\/p>\n\n\n\n we can effectively bypass this limitation and continue testing without requiring any changes to the target application.<\/p>\n\n\n\n I hope this guide helps anyone who encounters a similar issue during a penetration test.<\/p>\n","protected":false},"excerpt":{"rendered":" During a recent web application penetration test, I encountered an unusual issue when proxying traffic through Burp Suite. Every time I attempted to access the target application via Burp, the request failed with the following error: \u201cIllegal server name, type=host_name(0), name=SNIP, value={SNIP}\u201d The figure below shows the exact error message returned by Burp Suite. Note: … <\/p>\n![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/BurpSuiteError.png\")
<\/figure>\n\n\n\n\n
How the Issue Appeared<\/h2>\n\n\n\n
![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/Browser_Error.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/WebWorksWithoutBurp.png\")
<\/figure>\n\n\n\nRoot Cause Analysis<\/h2>\n\n\n\n
2026_Test_jasveermaan.com<\/pre>\n\n\n\n
Workaround Solution<\/h2>\n\n\n\n
\n
Step 1: Resolve the Original Domain to an IP Address<\/h3>\n\n\n\n
nslookup <domain>
nslookup 2026_Test_jasveermaan.com<\/pre>\n\n\n\n![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/nslookup.png\")
<\/figure>\n\n\n\nStep 2: Configure Burp Suite DNS Override<\/h3>\n\n\n\n
2026_Test_jasveermaan.com<\/pre>\n\n\n\n
2026.Test.jasveermaan.com<\/pre>\n\n\n\n
\n
\n
![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/Burp-DNS-Config.png\")
<\/figure>\n\n\n\nStep 3: Configure Match and Replace Rules<\/h3>\n\n\n\n
\n
\n
\n
![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/BurpMatchReplace.png\")
<\/figure>\n\n\n\nFinal Result<\/h2>\n\n\n\n
2026_Test_jasveermaan.com<\/pre>\n\n\n\n
2026.Test.jasveermaan.com<\/pre>\n\n\n\n
\n
![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/BurpSuccess.png\")
<\/figure>\n\n\n\nConclusion<\/h2>\n\n\n\n
\n