Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp Enterprise, disable Http/2 requests configuration option

Bell, | Last updated: Dec 13, 2021 03:55PM UTC

Hello, I've been in discussion with support via email already but wanted to post this here. We have a situation where burp is identifying the application we are scanning uses Http/2 when in actuality, it doesn't and it causes the "Could not connect to any see urls" error. The only way to get around this issue is to use Professional addition and disable Http/2 requests in project options. Burp Enterprise does not have this configuration option (that i'm aware of) so there is no way around it other than switching back and forth to pro edition. A option to disabled Http/2 requests in Burp Enterprise would be very helpful in my case.

Uthman, PortSwigger Agent | Last updated: Dec 13, 2021 04:10PM UTC

Hi Dawson,

I've raised a feature request to expose the option in the UI. However, you can also export it from Pro and import it as a scan config into Enterprise > Launch a new scan and you should see that HTTP/2 isn't used.

The config itself looks like this: 

{
    "project_options":{
        "http":{
            "http2":{
                "enable_http2":false
            }
        }
    }
}

We'll let you know when this can be changed in the UI instead of importing a config.

Bell, | Last updated: Dec 13, 2021 04:55PM UTC

This worked great. Thank you for the help and quick response on this!

Bell, | Last updated: Dec 13, 2021 04:55PM UTC

This worked great. Thank you for the help and quick response on this!

Bell, | Last updated: Dec 13, 2021 04:55PM UTC

This worked great. Thank you for the help and quick response on this!

Uthman, PortSwigger Agent | Last updated: Dec 13, 2021 05:02PM UTC

No problem! We'll update this thread if/when an easier method is implemented to enable/disable HTTP/2 for scans in Enterprise.

Liam, PortSwigger Agent | Last updated: Mar 29, 2022 12:16PM UTC

Hi Dawson. Would it be possible to provide us with access to the application that required you to disable HTTP/2?

JustLuckyIGuess | Last updated: Feb 23, 2024 10:46AM UTC

The HTTP Request Smuggling Lav: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te Requires HTTP/1.1, as it seems. The solutions provided here does not work...

Ben, PortSwigger Agent | Last updated: Feb 23, 2024 11:06AM UTC

Hi, This old forum thread is about disabling HTTP/2 within Burp Enterprise - not about interacting with our Web Academy labs. The lab you mention still functions as expected and the written solution still works

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.