Research Academy Daily Swig
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Burp Enterprise, disable Http/2 requests configuration option

Bell, | Last updated: Dec 13, 2021 03:55PM UTC

Hello, I've been in discussion with support via email already but wanted to post this here. We have a situation where burp is identifying the application we are scanning uses Http/2 when in actuality, it doesn't and it causes the "Could not connect to any see urls" error. The only way to get around this issue is to use Professional addition and disable Http/2 requests in project options. Burp Enterprise does not have this configuration option (that i'm aware of) so there is no way around it other than switching back and forth to pro edition. A option to disabled Http/2 requests in Burp Enterprise would be very helpful in my case.

Uthman, PortSwigger Agent | Last updated: Dec 13, 2021 04:10PM UTC

Hi Dawson,

I've raised a feature request to expose the option in the UI. However, you can also export it from Pro and import it as a scan config into Enterprise > Launch a new scan and you should see that HTTP/2 isn't used.

The config itself looks like this: 

{
    "project_options":{
        "http":{
            "http2":{
                "enable_http2":false
            }
        }
    }
}

We'll let you know when this can be changed in the UI instead of importing a config.

Bell, | Last updated: Dec 13, 2021 04:55PM UTC

This worked great. Thank you for the help and quick response on this!

Bell, | Last updated: Dec 13, 2021 04:55PM UTC

This worked great. Thank you for the help and quick response on this!

Bell, | Last updated: Dec 13, 2021 04:55PM UTC

This worked great. Thank you for the help and quick response on this!

Uthman, PortSwigger Agent | Last updated: Dec 13, 2021 05:02PM UTC

No problem! We'll update this thread if/when an easier method is implemented to enable/disable HTTP/2 for scans in Enterprise.

Liam, PortSwigger Agent | Last updated: Mar 29, 2022 12:16PM UTC

Hi Dawson. Would it be possible to provide us with access to the application that required you to disable HTTP/2?

You need to Log in to post a reply. Or register here, for free.