Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp Enterprise, disable Http/2 requests configuration option

Dawson | Last updated: Dec 13, 2021 03:55PM UTC

Hello, I've been in discussion with support via email already but wanted to post this here. We have a situation where burp is identifying the application we are scanning uses Http/2 when in actuality, it doesn't and it causes the "Could not connect to any see urls" error. The only way to get around this issue is to use Professional addition and disable Http/2 requests in project options. Burp Enterprise does not have this configuration option (that i'm aware of) so there is no way around it other than switching back and forth to pro edition. A option to disabled Http/2 requests in Burp Enterprise would be very helpful in my case.

Uthman, PortSwigger Agent | Last updated: Dec 13, 2021 04:10PM UTC

Hi Dawson,

I've raised a feature request to expose the option in the UI. However, you can also export it from Pro and import it as a scan config into Enterprise > Launch a new scan and you should see that HTTP/2 isn't used.

The config itself looks like this: 

{
    "project_options":{
        "http":{
            "http2":{
                "enable_http2":false
            }
        }
    }
}

We'll let you know when this can be changed in the UI instead of importing a config.

Dawson | Last updated: Dec 13, 2021 04:55PM UTC

This worked great. Thank you for the help and quick response on this!

Dawson | Last updated: Dec 13, 2021 04:55PM UTC

This worked great. Thank you for the help and quick response on this!

Dawson | Last updated: Dec 13, 2021 04:55PM UTC

This worked great. Thank you for the help and quick response on this!

Uthman, PortSwigger Agent | Last updated: Dec 13, 2021 05:02PM UTC

No problem! We'll update this thread if/when an easier method is implemented to enable/disable HTTP/2 for scans in Enterprise.

Liam, PortSwigger Agent | Last updated: Mar 29, 2022 12:16PM UTC

Hi Dawson. Would it be possible to provide us with access to the application that required you to disable HTTP/2?

JustLuckyIGuess | Last updated: Feb 23, 2024 10:46AM UTC

The HTTP Request Smuggling Lav: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te Requires HTTP/1.1, as it seems. The solutions provided here does not work...

Ben, PortSwigger Agent | Last updated: Feb 23, 2024 11:06AM UTC