Burp Suite User Forum

Login to post

HTTP/1.1 to HTTP/2 conversion in Repeater and subsequent communication error

Roman | Last updated: Nov 29, 2021 02:20PM UTC

Hi, I'm at the beginning stages of working on the new HTTP/2 Smuggling labs using Chrome browser and Burp Suite Community Edition v2020.10.2. The lab is called H2.CL request smuggling. The vulnerable web site is said not to advertise HTTP/2 via ALPN so requires the override HTTP/2 ALPN option when using the inspector to change a request from HTTP/1.1 to HTTP/2. When I do not use this option, I get a warning that the ALPN advertising for HTTP/2 is not there so I restore that option. However when I change to HTTP/2 and have this override set, all that results is a quick return and a dashboard indicated communication error. Changing it back to HTTP/1.1 results in a 200 OK. Not sure what is going on. I tried the same test on all requests on the vulnerable site and get the same result. I tried this outside my corporate network and get the same result. So my question is how do I get this conversion to work correctly? I'm sure the problem is on my side. Thanks, Roman

Hannah, PortSwigger Agent | Last updated: Nov 30, 2021 11:38AM UTC

Hi Roman Are you still having issues with this lab? I've just tested it and can confirm it is working as expected. You could try disabling any extensions, in case they are modifying your traffic, and double-checking that you have the "HTTP/2 ALPN Override" option checked, the "Update Content-Length" option unchecked, and that you are using HTTP/2 to send your request under "Inspector > Request attributes".

Roman | Last updated: Nov 30, 2021 03:52PM UTC

Hannah, Thanks for your reply. Yes I am still not getting the switch to HTTP/2 to work correctly (dashboard shows communication errors) in conjunction with this lab. Thanks for checking the lab though I'm certain the issue is on my side. I disabled the logger++ extension as you mentioned. That is the only one I use currently. The other settings (HTTP/2 ALPN Override checked, Update Content Length unchecked, Inspector>Request Attributes set to HTTP/2) are all set as you directed. I ran it again on my home network (taking my work VPN and Proxy out of the equation) and it failed with the same error under those conditions. The dashboard makes clear that successful HTTP/2 connections to Google and other sites are going on so it is not specifically about my ability to communicate over HTTP/2. Since the error is most likely on my side, do you have any recommendation on getting a detailed dump of the communications conversation so I can find the exact point where the failure occurs? The loggers, even when put into debug mode, do not provide the details I need to correct my issue. Thanks, Roman

Roman | Last updated: Nov 30, 2021 04:19PM UTC

Hannah, I'm not sure if the following information helps or not. I just copied to Repeater one of the HTTP/2 communications that was working outside of the lab according to the dashboard: GET /users/youraccount HTTP/2 Host: portswigger.net With the settings for repeater set correctly, I changed this one to HTTP/1.1 - that worked. I changed it back to HTTP/2 and that worked correctly. The outstanding difference from the lab is the lack of ALPN HTTP/2 advertising in the lab. So it appears that somehow the ALPN override handling on my side is failing. If there is a way to turn on low level logging and capture it for this interaction, that might help pinpoint where the issue happens when comparing good conversions and troublesome conversions. Thanks, Roman

Hannah, PortSwigger Agent | Last updated: Nov 30, 2021 04:27PM UTC

Hi Roman Thanks for that information. Could you drop us an email at support@portswigger.net with your diagnostics information ("Help > Diagnostics" within Burp) and some screenshots, so that we can better understand what's going on?

Roman | Last updated: Dec 03, 2021 08:11PM UTC

Hannah, Sure. Will do. I was off for a couple of days so didn't see this until today. Regards, Roman

Roman | Last updated: Dec 03, 2021 08:33PM UTC

Hannah, Diagnostics Email Sent. Let me know what else I can do to figure this out. Thanks, Roman

Hannah, PortSwigger Agent | Last updated: Dec 06, 2021 10:53AM UTC

Hi Roman Thank you, we've received your email.

Nikhil | Last updated: Mar 16, 2023 05:37AM UTC

same issue here help me out too

Ben, PortSwigger Agent | Last updated: Mar 20, 2023 10:45AM UTC

Hi Nikhil Are you able to provide us with some precise details of the issue that you are currently facing so that we can assist you further with this?

You need to Log in to post a reply. Or register here, for free.