Burp Suite User Forum

Create new post

Burp possibly doesn't close HTTP2 gRPC connection gracefully

skb | Last updated: Jan 11, 2023 12:49AM UTC

First of all, thank you for your great efforts to make HTTP2 available in Burp. I'm using Go gRPC example application named RouteGuide(https://github.com/grpc/grpc-go/tree/master/examples/route_guide) to check Burp can proxy HTTP2 gRPC messages. I configured burp to: - Support HTTP/2 - Default to HTTP/2 if the server supports it As a result of simple testing, I confirmed Burp seems to be able to proxy all kind of gRPC messages(unary, client/server/bidirectional streaming) and to record these messages in history. However, if Burp proxies the message, client dumps an error saying that server closed the stream without sending trailers. I guess Burp fails to close the stream gracefully (possibly failing to send trailers back to the client?). It might be I'm missing some configuration. I appreciate if you have any ideas to solve. Thank you.

Hannah, PortSwigger Agent | Last updated: Jan 11, 2023 10:12AM UTC

Hi Unfortunately, gRPC is not supported in Burp. We're also not able to send trailing headers with HTTP/2. We have an ongoing feature request for this functionality, to which we have added your +1.

Japh07 | Last updated: Jan 29, 2023 11:31PM UTC

+1

William | Last updated: Mar 16, 2023 09:50PM UTC

+1

Hannah, PortSwigger Agent | Last updated: Mar 17, 2023 09:47AM UTC

Thnks for the feedback, we've added your +1's to the ongoing feature request.

Serhat | Last updated: Apr 17, 2023 10:39AM UTC

+1

Niv | Last updated: May 14, 2023 11:56AM UTC

+1

Hannah, PortSwigger Agent | Last updated: May 15, 2023 08:38AM UTC

We've added your additional plus ones as well.

Christian | Last updated: May 15, 2023 09:24PM UTC

+1

Akram | Last updated: Jun 17, 2023 09:50PM UTC

+1

Hannah, PortSwigger Agent | Last updated: Jun 19, 2023 08:38AM UTC

Thanks for the feedback, we've added these plus ones.

Sachin | Last updated: Jun 21, 2023 05:24PM UTC

+1

Andres | Last updated: Jun 21, 2023 05:25PM UTC

+9000

Hannah, PortSwigger Agent | Last updated: Jun 22, 2023 08:15AM UTC

Thank you, we've also added these to the ongoing ticket.

Steven | Last updated: Jun 26, 2023 08:59AM UTC

+1 :)

Aleksandr | Last updated: Jul 16, 2023 05:28AM UTC

+1

Hannah, PortSwigger Agent | Last updated: Jul 17, 2023 09:02AM UTC

Thank you! We've also added these +1s.

Ali | Last updated: Sep 19, 2023 04:56PM UTC

+1 and check this https://github.com/nxenon/grpc-pentest-suite

Dominyque, PortSwigger Agent | Last updated: Sep 20, 2023 07:07AM UTC

Hi Ali I have added your interest to the feature request.

navdeep | Last updated: Oct 13, 2023 02:09PM UTC

Cool + check this https://github.com/grpc-ecosystem/awesome-grpc#tools

Vanderlei | Last updated: Dec 01, 2023 09:02AM UTC

+1

Ben, PortSwigger Agent | Last updated: Dec 01, 2023 10:36AM UTC

Thank you. We have recorded your interest in this feature and will update this forum thread if we have any further news to share.

Bhaskar | Last updated: May 13, 2024 07:52AM UTC

+1111111

Bhaskar | Last updated: May 13, 2024 07:52AM UTC

Can we get an eta please.

Dominyque, PortSwigger Agent | Last updated: May 13, 2024 08:25AM UTC

Hi Bhaskar We are unable to provide an ETA on when this will be implemented. This ticket is in our backlog; however, it is currently not in our short-term plans to implement it, as our devs are focused on their current workload. As mentioned above, if we do have any updates to share on this ticket, we will update the thread. Thank you.

Utsav | Last updated: May 13, 2024 12:22PM UTC

This is the need of the hour +1

Dominyque, PortSwigger Agent | Last updated: May 13, 2024 12:40PM UTC

Hi Utsav I've added your +1 to our ongoing feature request for this.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.