The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

HTTP/1.1 requests are silently upgraded to HTTP/2

Mike | Last updated: Jun 14, 2021 09:05PM UTC

I have a setup where I'm running a CLI REST client through Burp Pro. In Burp Proxy History I see: Request ------ GET /some/api/path HTTP/1.1 ... Response ------ HTTP/2 200 ok ... and then my CLI client blows up with "Invalid protocol" error. The HTTP/1.1 spec (RFC 7230 section 6.7) says: > A server MUST NOT switch to a protocol that was not indicated by the client in the corresponding request's Upgrade header field. Section 6.7 goes on to describe how you properly do a protocol uprgade via a 101 Switching Protocols response. As far as I can tell, Burp is initiating an HTTP/2 connection to the server, and then forwarding the HTTP/2 response back to the client that believes it is speaking HTTP/1.1. This is a bug in Burp since it is hard-switching protocols in violation of RFC 7230. The client is correct to kill the connection. Note that if I go to Project Options and disable HTTP/2, then everything works, but this is still a bug in Burp. I can provide more detailed debugging info (like the full req's resp's) to support, but I don't want to post them publicly.

Uthman, PortSwigger Agent | Last updated: Jun 15, 2021 08:21AM UTC

Hi Mike, Thanks for reporting this issue. Our development team is currently investigating. If possible, can you please share some further information with support@portswigger.net?

Uthman, PortSwigger Agent | Last updated: Jun 16, 2021 07:11AM UTC

Hi Mike, We have identified an issue with HTTP/2 incorrectly being reported in responses in some cases. We will update this thread when a fix has been implemented.

Michelle, PortSwigger Agent | Last updated: Jul 23, 2021 01:39PM UTC

Hi We just wanted to let you know that you can re-test this using the latest Early Adopter release of Burp as we have included a fix relating to this issue in version 2021.7 Please let us know if you have any questions.

Mohamed | Last updated: Aug 10, 2021 12:24PM UTC

Problem persists even 2021.8

Uthman, PortSwigger Agent | Last updated: Aug 10, 2021 12:27PM UTC