Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Forcing HTTP/1.0, particularly using Repeater

Rob | Last updated: Jun 08, 2022 06:21AM UTC

With the new http/2 normalizing 'feature' I now appear to be unable to use/force HTTP/1.0, which is required for IP address leakage findings: https://portswigger.net/burp/documentation/desktop/http2 I feel there should be an option within the Repeater (perhaps a wider burp option too) that allows HTTP/1.0 without automatically normalizing to HTTP/2

Rob | Last updated: Jun 08, 2022 06:28AM UTC

I forgot to mention I tried the options mentioned under the link, including unticking the "Normalize HTTP/1 line endings" above but they didn't work.

Michelle, PortSwigger Agent | Last updated: Jun 08, 2022 09:17AM UTC

Thanks for your message. Burp will default to using HTTP/2 if the server supports it. If you want to force Burp to use HTTP/1.1 then you do have the option to configure this. If you are using Burp proxy and want to force the traffic between the client and Burp to use HTTP/1.1 you can configure this under: Proxy -> Options -> Proxy Listener -> Edit -> HTTP -> Uncheck 'Support HTTP/2' If you want to force all requests from Burp to the target server to use HTTP/1.1 you can configure this under: Project Options -> HTTP -> HTTP/2 -> Uncheck 'Default to HTTP/2 if the server supports it' I hope this helps. If you have any further questions and would like to share some example requests and responses, feel free to send an email to support@portswigger.net.

Rob | Last updated: Jul 10, 2022 09:56AM UTC

Thanks for the response Michelle, the bug is related to HTTP/1.0 not HTTP/1.1. You should be able to see the issue with HTTP/1.0

Michelle, PortSwigger Agent | Last updated: Jul 11, 2022 03:05PM UTC

If you have HTTP/2 disabled and have not enabled the menu option Repeater -> Enable HTTP/1 connection reuse then you should be able to create and send the HTTP/1.0 request using Repeater. Is this something that was previously working for you and has stopped working in more recent versions of Burp? Which version of Burp are you currently using? If you can email some screenshots of the request you're sending and the response you get from the server to support@portswigger.net, we'll take a closer look and confirm we're trying to replicate the same thing.

Jeffrey | Last updated: May 01, 2024 05:24PM UTC

I have not been able to get this to work. Could you elaborate on all the things that make Burp use http/2 over http/1.1. I simply want to issue an http/1.0 or http/1.1 request in repeater. up on the top right, next to "target", it says http/2. if i change http/2 to http/1.1 in the raw request, it changes back to http/2. I've enabled http/1 connection reuse in the repeater settings. I've disabled that for http/2. In settings -> network -> http -> http/2 I've disabled "default to http/2 if the server supports it". What else must I do to not use http/2 in a repeater request?

Michelle, PortSwigger Agent | Last updated: May 02, 2024 09:17AM UTC