Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Forcing HTTP/1.0, particularly using Repeater

Rob | Last updated: Jun 08, 2022 06:21AM UTC

With the new http/2 normalizing 'feature' I now appear to be unable to use/force HTTP/1.0, which is required for IP address leakage findings: https://portswigger.net/burp/documentation/desktop/http2 I feel there should be an option within the Repeater (perhaps a wider burp option too) that allows HTTP/1.0 without automatically normalizing to HTTP/2

Rob | Last updated: Jun 08, 2022 06:28AM UTC

I forgot to mention I tried the options mentioned under the link, including unticking the "Normalize HTTP/1 line endings" above but they didn't work.

Michelle, PortSwigger Agent | Last updated: Jun 08, 2022 09:17AM UTC

Thanks for your message. Burp will default to using HTTP/2 if the server supports it. If you want to force Burp to use HTTP/1.1 then you do have the option to configure this. If you are using Burp proxy and want to force the traffic between the client and Burp to use HTTP/1.1 you can configure this under: Proxy -> Options -> Proxy Listener -> Edit -> HTTP -> Uncheck 'Support HTTP/2' If you want to force all requests from Burp to the target server to use HTTP/1.1 you can configure this under: Project Options -> HTTP -> HTTP/2 -> Uncheck 'Default to HTTP/2 if the server supports it' I hope this helps. If you have any further questions and would like to share some example requests and responses, feel free to send an email to support@portswigger.net.

Rob | Last updated: Jul 10, 2022 09:56AM UTC

Thanks for the response Michelle, the bug is related to HTTP/1.0 not HTTP/1.1. You should be able to see the issue with HTTP/1.0

Michelle, PortSwigger Agent | Last updated: Jul 11, 2022 03:05PM UTC

If you have HTTP/2 disabled and have not enabled the menu option Repeater -> Enable HTTP/1 connection reuse then you should be able to create and send the HTTP/1.0 request using Repeater. Is this something that was previously working for you and has stopped working in more recent versions of Burp? Which version of Burp are you currently using? If you can email some screenshots of the request you're sending and the response you get from the server to support@portswigger.net, we'll take a closer look and confirm we're trying to replicate the same thing.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.